Last update 19/10/2018

1.General information regarding data processing and legal grounds

1.1 This Data Policy informs you which personal data is collected when visiting our websites as part of our online offer and the websites associated with it, and how the data is used. You have the right to receive information on request and free of charge at any time about the personal data we have stored about you.

1.2 This Data Policy applies to the use of the websites www.dox-box.org, www.community.dox-box.org, www.documentary-convention.org, hereinafter referred to as “websites”. The operators of these websites take the protection of your personal data very seriously. We will treat your personal data confidentially and in accordance with statutory data protection regulations as well as this Data Policy.

1.3 The personal data of the users which is processed as part of the online offer includes user data (e.g. names and addresses of users), usage data (e.g. the visited websites of our online offer, interest in our programmes) and content data (e.g. information entered in contact form).

1.4 The term “users” covers all categories of the data processing of affected persons. This includes our partners, financiers, grantees, interested parties, and other visitors to our online services.

1.5 We would like to point out that data transmission on the internet (e.g. as part of communication via email) may have security gaps. Full protection of the data against access by third parties is not possible.

2. Security measures

2.1. We adopt organisational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and to protect the data which is processed by us against accidental or deliberate manipulation, loss, destruction, or against access by unauthorised persons.

2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

3. Distribution of data to third parties and third party providers

3.1 Distribution of data to third parties only takes place on the basis of legal regulations. We shall only pass on the data of the users to third parties, if the users have given their consent to the distribution (Art. 6 (1) a EU GDPR), if it is required for contractual purposes (Art. 6 (1) b EU GDPR), for compliance with legal obligations (Art. 6 (1) c EU GDPR), in order to protect the vital interests of the users (Art. 6 (1) d EU GDPR), or on the basis of legitimate interests in order to assure effective operations of our organisational activities (Art. 6 (1) c EU GDPR).

3.2 If we use subcontractors in order to provide our services, we shall take suitable legal measures and corresponding technical and organisational measures in order to ensure the protection of the personal data in accordance with relevant statutory regulations.

3.3. If as part of this Data Policy we use content tools or other means from other providers (hereinafter referred to jointly as “third party providers”) and their named headquarters are situated in a third country, it is to be assumed that a data transfer will take place in the countries of the headquarters of the third party provider. Third countries are to be understood as countries, in which the GDPR is not a directly applicable law, which generally means countries outside the EU or the European Economic Area. The transfer of data to third countries takes place if there is an appropriate level of data protection, consent of the users or another form of legal permission.

4. Collection of access data and log files

4.1 If you visit one of the websites of DOX BOX e.V., your internet browser automatically sends data to our web server. The following data is automatically collected and stored:

• Name of the retrieved file
• Date and time of the retrieval
• IP address
• Size of the retrieved file
• Status code of the transmission (technical Info)
• Browser type/version and operating system used
• Referrer URL
• Geographical location

4.2 The log file information is stored for security reasons (e.g. for the clarification of acts of abuse or fraud) for the duration of a maximum of seven days. Data, the further retention of which is required for evidence purposes, is to be excluded from deletion until full clarification of the respective incident.

4.3 A merging of this data with other data sources shall not be undertaken. In anonymised form the data shall also be evaluated by us for statistical purposes.

5. Cookies

5.1 Cookies are information transferred from our web server or the web servers of third parties to the web browser of the users and stored there for later access. Cookies can be small files or other types of information storage.

5.2 We use “session cookies“ that are only stored for the duration of the current visit to our website (e.g. in order to store your login status and therefore enable the use of our online offer). In a Session Cookie a unique, randomly generated identification number is stored, known as a Session ID. Furthermore, a Cookie contains the information about its origin and the storage period. These cookies are not able to store any other data. Session cookies are deleted when you have ended the use of our online offer and, for example, logged out or closed the browser.

5.3 The users shall be informed about the use of cookies in the course of pseudonymous reach measurement as part of this Data Policy (see statistical analysis with Google Analytics, Sect. 6 of this Data Policy).

5.4 If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the browser settings. Stored cookies can be deleted in the browser settings. Blocking cookies can lead to functional limitations of the online offer.

6. Statistical analysis with Google Analytics

6.1 We use, on the basis of our legitimate interests (which means interest in the analysis, optimisation and handling of our online services pursuant to Art. 6 (1) f of the GDPR), the web analytics service Google Analytics for the statistical analysis of user access. Google Analytics is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses “cookies”, which are text files that are stored on your computer and enable us to perform an analysis of the website use. In order to do this, information generated by the Cookie about the use of this website is stored on our server. The IP address is anonymised before storage.

6.2 The information generated by the Cookie about the use of this website will not be passed on to third parties. You can prevent the storage of cookies via a corresponding browser setting; however, we would like to point out to you that in this case it is possible that you will not be able to use all functions of our websites in full.

6.3 If you do not agree to the storage and use of your data, you can prevent the storage and use by installing the Google Analytics Opt-Out Browser Add-on, which is downloadable here:  https://tools.google.com/dlpage/gaoptout.

The add-on is compatible with Chrome, Internet Explorer 11, Safari, Firefox, and Opera. In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled. You can more about the opt-out browser add-on here: https://support.google.com/analytics/answer/181881?hl=en.

Click here to opt-out.

7. Establishing contact

7.1 When establishing contact with us (by contact form or email) the user information is processed in order to deal with the contact request and its handling in accordance with Art. 6 (1) b of the EU GDPR.

7.2 Your information from our enquiry forms, including the contact details provided by you, shall be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

8. Comments and contributions

8.1 If users upload content, leave comments, or other provide contributions, their IP address will be stored for 7 days on the basis of our legitimate interests pursuant to Art. 6 (1) f of the EU GDPR.

8.2 This takes place for our security, in case a user leaves unlawful content (insults, forbidden political propaganda, etc.) in uploaded content, comments and contributions. In this case we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

9. Registration on our websites

9.1 We process user data (e.g. names, contact details, age, nationality, country of residence, and profession), for the purpose of the fulfilment of our contractual obligations and services in accordance with Art. 6 (1) b of the EU GDPR.

9.2 Users also have the option of setting up a user account e.g. on the DOX BOX Community Portal. This is necessary in order to enjoy the services and benefits offered on our Community Portal like the Docupedia, Film library, contacting other Community users, contributing to the content, among many others. As part of the registration process, the required mandatory information of users shall be communicated. User accounts are not public and cannot be indexed by search engines.

9.3 We require personal data for the following purposes:

• Granting access to the Community portal including all services and benefits offered there
• Processing applications for our support schemes like the Residency, the E-Course and others
• Collecting statistical data

9.4 If you are registered on our Community Portal, you can access content and services which we exclusively offer to registered users. Users of the Community portal furthermore have the opportunity to present themselves by sharing their professional biography or other personal data in their profiles, which will only be visible to other registered users on the exclusive membership platform. This information can be changed and deleted by the users at any time. However, mandatory data provided at registration (see 9.1) cannot be changed or deleted. In order to contact us in this regard, please use the contact details provided at the end of this Data Policy.

9.5 If for any reason you should be required to provide the personal data of third parties, you need to ensure in advance that you have the consent of the affected person(s) to provide this data to us.

9.6 The user data shall be treated confidentially by us and stored on secure servers. Personal data, which you enter via forms on the Community portal, shall be processed by us in the form of emails. It is therefore stored on our email server.

9.7 As part of the registration and repeated logins and the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as those of users, to protect our services against abuse and other unauthorised use. Distribution of this data to third parties does not take place as a matter of principle, unless it is required to pursue our claims or a legal obligation for this exists in accordance with Art. 6 (1) c of the GDPR.

9.8 Unless otherwise agreed, the consent for the storage of the data applies until the expiry of the validity of this guideline, but never longer than 5 years. Users of our website shall be automatically once again asked to give their consent following expiry of this period or in the event of changes to this guideline.

9.9 If users have terminated their user account, their account data shall be deleted immediately unless a further storage is required for legal requirements (Art. 6 (1) c EU GDPR) or for the fulfillment of our legitimate interests (Art. 6 (1) f EU GDPR). It is the responsibility of the users to back-up their data in the event of termination. We are entitled to irretrievably delete all data of the user stored during the term of the agreement.

10. Integration of Script libraries like Google Webfonts and Adobe Typekit

10.1 In order to show our content correctly in all browsers and in a graphically appealing manner, we use script libraries and font libraries such as Google Webfonts (https://www.google.com/webfonts/) and Adobe Typekit (https://typekit.com/) on some of our websites. These script libraries are transferred into the cache of your browser to avoid multiple loading. If the browser does not support Google Webfonts and/or Adobe Typekit, or prevents access, content is shown in a standard font. The retrieval of script libraries or font libraries automatically produces a connection to the library operator.

10.2 You can find the data protection guideline of the script library operator Google here: https://www.google.com/policies/privacy/; Opt-out: https://www.google.com/settings/ads/.

10.3 You can find the data protection guideline of the script library operator Adobe here: https://www.adobe.com/be_en/privacy/policy.html; privacy choices and opt-out: https://www.adobe.com/be_en/privacy/opt-out.html.

11. Integration of Google Maps

11.1 Some of our websites use maps from the service “Google Maps” of the third party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in order to present geographical information visually (e.g. an overview of the location of the Documentary Convention). When using Google Maps, data about the use of the map functions by visitors is also collected, processed and used by Google. You can find further information about the data processing by Google from the Google data protection notice. You can also change your personal data protection settings in the data protection centre. Data Policy: https://www.google.com/policies/privacy/; Opt-out: https://www.google.com/settings/ads/

12. Embedded YouTube videos

12.1 On some of our websites we embed YouTube videos. The operator of the corresponding plug-in is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a website with the YouTube plug-in, a connection to the YouTube servers is established. In the process YouTube is notified about which sites you visit. If you are logged into your YouTube account, YouTube can personally identify your surfing behaviour. You can prevent this by logging out of your YouTube account in advance.

12.2 If a YouTube video is launched, the provider uses cookies which collect information about user behaviour. Anyone who has deactivated the storage of cookies for the Google Ad Program will not have to anticipate any of these types of cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in your browser. You can find further information about the use of user data in the Data Policy of YouTube at: https://www.google.de/intl/de/policies/privacy/

13. Embedded Vimeo videos

13.1 On some of our websites we embed Vimeo videos. Vimeo is operated by Vimeo, LLC with headquarters in 555 West 18th Street, New York, New York 10011, USA. When you visit a website with a Vimeo plug-in, a connection to the Vimeo server is established and the plug-in is displayed. Through this, the Vimeo server receives information on which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo links this information to your personal user account. When using the plug-in, for example by clicking the start button of a video, this information is also linked to your user account. You can prevent this information from being linked by signing out of your Vimeo user account before using our website and deleting the corresponding Vimeo cookies. You can find more information about the data processing and data protection of Vimeo at: https://vimeo.com/privacy.

14. User rights

14.1 Users have, at any time, the right to request information free of charge about the personal data we store about them.

14.2 In addition, the users have the right to correct incorrect data, restrict data processing, and delete their personal data.

14.3 Users can also revoke consent, always with implications for the future.

14.4 If you would like information about your personal data, data correction, or deletion, please contact our Data Protection Officer at

DOX BOX e.V.
Turmstr. 70
D-10551 Berlin
Germany

Telephone: +49 30 40751383
Email: dataprotection@dox-box.org

15. Right of objection

15.1 Users can object to the future processing of their personal data in accordance with legal requirements at any time. The objection can be pronounced in particular against the processing for purposes of direct advertising.

16. Changes to the Data Policy

16.1 We reserve the right to change the Data Policy in order to adapt it to altered legal situations, or in the event of changes to the services we provide as well as to data processing itself. However, this only applies with regard to declarations about data processing. If user consent is required or integral parts of the Data Policy contain provisions of the contractual relationship with the users, the changes take place only with user consent.

16.2 DOX BOX asks all users to regularly familiarise themselves with the contents of this Data Policy.