­Privacy policy

This privacy policy informs you about the type, scope and purpose of the collection and use of personal data on this website and our social media pages „at a glance“ or in detailed form.

The controller is TOBIS Film GmbH, Kurfürstendamm 68, 10707 Berlin, registered with the Local Court of Charlottenburg under HRB 174916 B, represented by the managing directors Timm Oberwelland, Theodor Gringel ("we/us/our") as the provider of a website at www.tobis.de ("Website") or social media pages, such as our Facebook pages.

If you have any questions about data protection, we can be reached by email at info@tobis.de or datenschutz@tobis.de.

On data protection "at a glance”

Controller / data protection officer

TOBIS Film GmbH
Kurfürstendamm 68, 10707 Berlin, registered with the Charlottenburg District Court under HRB 174916 B, represented by the managing directors Timm Oberwelland, Theodor Gringel

Phone: (49) 30 839007-0
Fax: (49) 30 839007-65
Email: info@tobis.de

We have appointed an external data protection officer. He can be contacted at datenschutz@tobis.de.

When using certain third party services, these third party providers may be jointly controlling with us the data processing. This is explained in more detail in the privacy policy.

Purposes of the processing of the data / necessity / legal bases / legitimate interests 

The data is used for fraud prevention (Art. 6 (1) b. and f.). GDPR) as well as for advertising and quality assurance purposes (Art. 6 (1) a., b. or f. GDPR) in order to enable continuous technical error-free provision and improvement of the service.

Furthermore, for the purpose of sending newsletters (via email) or messages (via messenger), data will be processed with your explicit consent (Art. 6 para. (1) a. GDPR).

The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation", GDPR) as well as in the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

With regard to data processing pursuant to Art. 6 (1) f. GDPR, the provider or commissioned third parties pursue the legitimate interests of marketing, quality assurance or fraud prevention.

Recipients and provision of the data

The data is processed by us as the provider or, for hosting and quality assurance and advertising purposes, by third-party providers. Details of this can be found in the privacy policy below. You provide the data via the website if this is necessary for the stated purposes. Failure to provide the data may have legal disadvantages for you, such as the loss of legal positions, for example, no error-free provision of the website.

Data transfer outside the EU

When using the service, your data may be transferred to third countries, i.e. countries outside the EU, due to the integration of third-party providers, whereby the providers used guarantee a level of data protection that applies within the EU or you explicitly consent to the transfer of data. Details can be found in the privacy policy below.

Deletion of the data

The data will be deleted as far as they are no longer necessary for the purpose of processing.

Objection / Your rights

You have the right to object to the use of your data processed on the basis of your consent (for example for the purpose of direct advertising) at any time with effect for the future.

You are entitled to receive information about the stored data (in a structured, common and machine-readable format) at any time and to demand that the data be corrected if it is incorrect or deleted if it is stored in an inadmissible manner.

You can reach us for this purpose under the above-mentioned contact options.

You or the person affected by the data processing have the right to lodge a complaint with the supervisory authority. A list of data protection authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Automated decision-making ("profiling")

No "profiling" or automated decision-making by us takes place on the website or when using our service; however, such profiling may take place in individual cases through third-party providers used by us, whereby we refer to this in the privacy policy where possible.

Data security

For the best possible protection of your data, the provision of TOBIS’ service is made via a secure SSL connection between your server and the browser, which means the data is transmitted in encrypted form. We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers.

On data protection in detailed form:

I. What is personal data?
II. How is the data of website visitors or users of TOBIS services used? Does automated decision-making (profiling) take place?
III. Which third-party services and offers (cookies, Google Analytics, social plugins) are integrated on the website?IV. How is data used on Facebook pages (Facebook pages)?
V. Is data passed on to third parties?
VI. Is data transmitted or transferred outside the European Union (EU)?
VII. Your rights: information, revocation, changes, corrections and updates, deletion, restriction of processing, data portability, right of complaint
VIII. Data security, scope, contact person

I. What is personal data?

Personal data is information that can be used to identify a person, therefore information that can be traced back to a person. This includes, for example, name, email address or telephone number, but also data about hobbies, memberships or which websites were viewed by someone count as personal data. Personal data is only collected, used and passed on by us if this is permitted by law or the users consent to the data collection.

II. How is the data of website visitors or users of TOBIS services used? Does automated decision-making (profiling) take place?

Visiting the website

We (or the web space provider) collect data about each visit to our website (so-called server log files) ("access data"). The access data includes:

Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

and additionally when using a mobile terminal:

Country code, language, device name, operating system name and version

We only use this access data for statistical evaluations for the purpose of the operation, security and optimisation of the website. However, we reserve the right to check this access data retrospectively if there is a justified suspicion of unlawful use on the basis of specific indications. The data processing is carried out on the legal basis of Art. 6 (1) f. GDPR, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of quality assurance or fraud prevention are pursued.

Contact

When contacting us (e.g. by email), your details will be stored for the purpose of processing the enquiry and in the event that follow-up questions arise. This is done on the basis of your consent (Art. 6 (1) a. GDPR) or for the purpose of processing your enquiry (Art. 6 (1) b. GDPR).

Press service

As a press representative or cinema operator, you have the opportunity to register on our website for our press service, through which you can obtain information material and other digital content (photos/videos) about our films. To register, you must provide us with the data marked as mandatory in the application form. In addition to your name, address, e-mail address and telephone number, we record in particular the medium for which you work and the distribution districts in which your film theatres are located. The last-mentioned data serves as a basis for our decision-making with regard to your eligibility for registration. The data processing is based on your consent (Art. 6 (1) a. GDPR). Furthermore, the processing serves to initiate or execute the contract of use (legal basis Art. 6 (1) b. GDPR).

Newsletter; use of Mailchimp

With the email newsletter we inform you about us and our services. Only your email address is required to register for the newsletter. If you register for the newsletter, your email address will be transferred to us (or to Mailchimp) and stored there. After registration, the user receives an email to confirm the registration ("double opt-in"). With the registration for the newsletter, the IP address, the device name, the mail provider as well as the first and last name and the date of registration are stored with us. This storage is solely for the purpose of providing evidence in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorised person. The data processing for sending the newsletter is based on your consent (legal basis Art. 6 (1) a. GDPR).

For the purpose of sending newsletters, we use the "Mailchimp" service of Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, which processes the IP address, device name, the mail provider as well as the first and last name and the date on Mailchimp's servers in the USA for this purpose.

We would also like to point out that automated decision-making ("profiling") may take place when Mailchimp is integrated. We use the Mailchimp service to analyse the behaviour of users, for example whether they open the email sent or click on certain links in emails. When the newsletter is opened, the information contained (so-called web beacon) connects to Mailchimp's servers in the USA in order to analyse the user's behaviour. For this purpose, further technical information is collected, such as the IP address, browser type and operating system. The data processing is carried out on the legal basis of Art. 6 (1) f. GDPR, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of quality assurance or marketing are pursued. You can find the privacy policy of Mailchimp here: https://mailchimp.com/legal/terms/.

After the ECJ declared the EU-US Privacy Shield Agreement invalid, the USA is an insecure third country in which there is no level of data protection comparable to EU standards. There is therefore a risk that government agencies may access your personal data through the transfer without you having any effective legal protection options. Your data will therefore only be transferred with your explicit consent.

Revocation of consent / objection: The user can revoke his/her consent to the processing of data for the purpose of sending the newsletter or evaluation by Mailchimp/us at any time. The revocation can be made via a link in each newsletter or by sending a message to us.

Automated decision-making ("profiling")

When using the offer, no "profiling" or automated decision-making by us takes place; however, such profiling may take place in individual cases through third-party providers used by us, and we refer to this in this privacy policy where possible. Profiling means any type of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalised advertising to the user or providing shopping tips. The data subject has the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the controller, (ii) is authorised by the EU or a Member State law to which the controller is subject and that law contains suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (iii) is made with the data subject's explicit consent. In such exceptional cases, the controller shall take reasonable steps to safeguard the data subject's rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and contest the decision.

III. Which third-party services and offers (cookies, analytics, social plugins) are integrated on the website?

Cookies

Cookies are small files that make it possible to store specific, device-related information on the user's access device (PC, smartphone or similar). On the one hand, they serve the user-friendliness of websites and thus you (e.g. storage of login data). On the other hand, they serve to collect statistical data on website use and to be able to analyse it for the purpose of improving the website.

When you visit the website, so-called session cookies are used, which are automatically deleted from the user's hard drive as soon as you close the browser window. The session cookies are needed to assign successive page requests to the respective users who access the website at the same time. In addition, we use the following third-party providers that set persistent cookies, i.e. cookies that are permanently stored on your end device.

We only set cookies that are not essential for the use of the website with your explicit consent, which we obtain via the cookie banner when you visit our website for the first time. If you wish to make changes to the choices you have made, adjust or withdraw the consent you have given, click hier.

On our website, we use the consent management tool "tarteaucitron" by the developer Amauri Champeaux, based in France. If you give your consent to the use of cookies, a cookie is set that stores your selection. This cookie is technically necessary and is set on the basis of Art. 6 para. 1 lit. f GDPR to document your consent. If you delete your cookies, we will ask you for your consent again when you visit the site at a later date.

Objection: You can influence the use of cookies. Most browsers have an option to restrict or completely prevent cookies from being stored. You can still manage many online ad cookies from companies via the US site  http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/. However, it should be noted that the use and in particular the user comfort is restricted without cookies.

Google Analytics

We use Google Analytics on the website, a web analytics service provided by Google LLC, Mountain View, CA, USA („Google“). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website, such as
Browser type/version; operating system used; referrer URL (the previously visited page); host name of the accessing computer (IP address); time of the server request when using the website
are generally transmitted to a Google server in the USA and stored there, whereby due to the activation of IP anonymisation on TOBIS, the IP address is shortened by Google beforehand within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is therefore not transmitted to a Google server in the USA and shortened there. IP anonymisation is active on TOBIS. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Insofar as IP anonymisation is omitted, the data processing is carried out on the legal basis of Art. 6 (I) lit. a. GDPR, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of quality assurance or statistical analysis of user behaviour are pursued.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Google Analytics across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Deactivate Google Analytics

Objection: You can also prevent the collection of the data generated by the cookie and related to your use of the website (incl. the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

We would also like to point out that automated decision-making („Profiling“) may take place if Google is integrated and an existing account is held there.
Objection: https://adssettings.google.com/authenticated

Further information can also be found in Google's privacy policy: http://www.google.de/policies/privacy/

Google Remarketing

This website uses the remarketing function of Google LLC, Mountain View, CA, USA ("Google"). This function is used to present interest-based advertisements to website visitors as part of the Google advertising network. The website visitor's browser stores so-called "cookies": text files that are stored on your terminal device and enable the visitor to be recognised when he or she visits websites that belong to Google's advertising network. On these pages, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function. Insofar as the IP address is processed, the data processing is carried out on the legal basis of Art. 6 (I) lit. a. GDPR, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of advertising or statistical analysis of user behaviour are pursued.

Objection: You can prevent the installation of cookies by setting your browser accordingly, for example by using a browser setting that generally deactivates the automatic setting of cookies or specifically blocks only cookies from the domain "googleadservices.com".

We would like to point out that if Google is involved or if you have an existing account with Google, automated decision-making ("profiling") (see also [„Profiling“] above) may take place. Objection: https://adssettings.google.com/authenticated You can also find more information in Google's privacy policy: services.google.com/sitestats/en.html

Facebook Pixel

Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA or Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland („Facebook“) are integrated on our website. When you visit our website, a direct connection is established between your browser and the Facebook server via the remarketing tags. Facebook thereby receives the information that you have visited our website with your IP address. This enables Facebook to associate your visit to our website with your user account on Facebook. We can use the information obtained in this way to display Facebook Ads. We would like to point out that we, as the provider of the website, have no knowledge of the content of the transmitted data or its use by Facebook. Insofar as the IP address is processed, the data is processed on the legal basis of Art. 6 (I) lit. a. GDPR, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of advertising or statistical analysis of user behaviour are pursued.

Objection: If you do not want any data collection via Remarketing Custom Audience, you can deactivate it at https://www.facebook.com/ads/website_custom_audiences/ 

Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Facebook Pixel across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: deactivate Facebook Pixel

We would like to point out that automated decision-making („Profiling“) takes place when Facebook is integrated. Objection: You can make various settings within your Facebook account regarding possible advertising or profiling.

For more information, please see Facebook's privacy policy at https://www.facebook.com/policy.php.

Outbrain Pixel

We use the tracking „Outbrain“ of Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011, USA. The Outbrain tracking pixel is set when a user contacts an ad placed by Outbrain. The pixel uses information on the terminal device, browser type and your anonymised IP address to select suitable content, which is stored by Outbrain on servers in the USA. The ads integrated by Outbrain are determined on the basis of your previously read content. Personal data is not stored. We use Outbrain to display content and advertising of interest to the user, pursuing our legitimate interest of marketing and improving the website.

Objection: You can object to the tracking at any time; to do so, click on the "Opt-out" field at http://www.outbrain.com/de/legal/privacy. Further information on Outbrain's data protection can be found at http://www.outbrain.com/de/legal/privacy.

Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Outbrain Pixel across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Outbrain Pixel

Apester surveys

We use a plugin provided by Apester Ltd, Soncino 3 Tel Aviv 67216, P.O.box 57703, Israel („Apester“), to create and offer online quizzes, surveys or other interactive content. If a user participates in such an online quiz, survey or other interactive content, Apester may collect certain information (e.g. IP addresses, device-related information), which is then processed on servers outside the EU.

Objection: You may object to Apester's use of your data at any time by contacting privacy@apester.com or writing to Soncino 3 Tel Aviv 67216, P.O.box 57703, Israel.

Further information on Apester can be found here: http://apester.com/privacy/

JustWatch

This website uses services and surveys provided by JustWatch GmbH, Saarbrücker Straße 38, 10405 Berlin. JustWatch uses cookies to enable analysis of survey results at user level. The information generated by the cookie about your interaction with surveys is transmitted to a JustWatch server in the European Union and stored there in shortened form. The IP address transmitted by your browser as part of JustWatch is not merged with other data from JustWatch. The cookies stored by JustWatch and associated usage data are deleted after 50 months at the latest.

Objection: Deletion requests and other questions can be sent by email to datenschutz@justwatch.com at any time. These will be processed and carried out immediately. You can further influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. You can still manage many online ad cookies from companies via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/. However, it should be noted that the use and in particular the user comfort is restricted without cookies.

Further information on JustWatch can be found at: https://www.justwatch.com/de/Impressum

Youtube

Videos from the youtube.com platform of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA represented by Google LLC, USA ("YouTube") are integrated on the website. This is done by means of links to these videos, which is activated when you play this video.

When you call up a (sub-)page of our website on which YouTube videos are embedded, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser. However, the videos are only called up by clicking on them separately.

YouTube will then process data from you (e.g. IP address and which page you have visited) after you have clicked on it, in accordance with YouTube's data protection regulations. This is used, among other things, to play the video accordingly. However, this information cannot usually be assigned to you personally, unless you are logged into YouTube or another Google service while doing so. As soon as you start the playback of an embedded video by clicking on it, YouTube may continue to store cookies on your end device.

If the IP address (or other data) is processed, the data is processed on the legal basis of Art. 6 (I) lit. a. GDPR, whereby legitimate interests (or the legitimate interests of third parties involved with us) of quality assurance or statistical analysis of user behaviour are pursued.

Objection: You may refuse the use of cookies by selecting the appropriate settings on your browser or terminal software, however please note that if you do this you may not be able to use the full functionality of this website. You can prevent the further collection of data if you are logged into another Google service by managing the settings in your account there or by logging out.

More information on data protection and Youtube can be found here: policies.google.com/privacy You can further contact Youtube at the contact details given here: www.youtube.com/t/impressum

Social Plugins

The website is connected via "social plugins" to various social networks, namely Facebook, Twitter and AddThis. Without your intervention, the social plugins are deactivated and therefore no data is transmitted. If you would like to share content for example, you must first click on the respective button on the website. If you are logged in to your user account in the corresponding social network, after activating the button, an association with the visit to the website only takes place when the user clicks again, e.g. with the 'share/share function'.

If the IP address (or other data) is processed, the data is processed on the legal basis of Art. 6 (I) lit. a. GDPR, whereby our legitimate interests (or the legitimate interests of third parties involved with us) of quality assurance or statistical analysis of user behaviour are pursued.

Of course, you can deactivate this function at any time and manage it on the website. If you do not want the social networks to collect data about the website, you should log out of the social network before visiting the website. However, if you activate the corresponding button by clicking on it, cookie(s) with an identifier will still be set each time you visit the website. Therefore, data may be collected via this function and a profile may be created that can be traced back to an individual person under certain circumstances. In these cases, automated decision-making ("profiling") therefore takes place (see also [„Profiling“] above).

Social media services

Facebook

We use the social plugin for the social network facebook at facebook.com from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We would like to point out that automated decision-making ("profiling") takes place when Facebook is integrated. If you do not wish this, you can deactivate the corresponding link on the website by clicking on it. You can also set your browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the website may be limited. Furthermore, you can also make various settings within your account on Facebook for possible advertising or profiling.

More information on this and Facebook's privacy policy can be found at https://de-de.facebook.com/about/privacy/.

Instagram

We use the social plugin for the social network Instagram at www.instagram.com of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

We would like to point out that when Instagram is integrated, automated decision-making ("profiling") may take place. If you do not wish this, you can deactivate the corresponding link on the website by clicking on it. You can also set your browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the website may be limited. Furthermore, you can also make various settings within your account on Instagram for possible advertising or profiling.

More information on this and Whatsapp's privacy policy can be found at https://instagram.com/about/legal/privacy.

Twitter

We use the social plugin for the social network Twitter at twitter.com of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

We would like to point out that if Twitter is integrated, automated decision-making ("profiling") may take place. If you do not wish this, you can deactivate the corresponding link on the website by clicking on it. You can also set your browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the website may be limited. Furthermore, you can also make various settings within your account on Twitter for possible advertising or profiling.

More information on this and Twitter's privacy policy can be found at https://twitter.com/privacy.

IV. How is data used on Facebook pages (Facebook Pages)?

We, TOBIS Film GmbH, Berlin operate social media pages on facebook.com as a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

Common controller

When you visit one of our Facebook pages, data is processed both by us and by Facebook Ireland Ltd. as controller (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at https://www.facebook.com/business/a/page/page-insights.

Facebook assumes the data protection obligations towards you as a user, such as providing information on data processing, and is the contact for your rights. This follows from the fact that Facebook has direct access to the relevant information about the Facebook page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to Facebook if necessary.

Use of page insights and cookies on Facebook

Facebook and we process statistical data from users of our Facebook pages using the Page Insights function. Information on these page insights and data processing can be found in Facebook's privacy policy: en.facebook.com/policy.php or at www.facebook.com/business/a/page/page-insights. Facebook also uses cookies and storage technologies. More information can be found here: https://en-en.facebook.com/policies/cookies/

Transfer of data; processing in other EU countries

We only share data we receive through Facebook pages with third parties in accordance with the terms of this privacy policy.

When using Facebook, data may also be processed by Facebook Inc. in the USA and thus outside the EU. After the ECJ declared the EU-US Privacy Shield Agreement invalid, the USA is an insecure third country in which there is no level of data protection comparable to EU standards. There is therefore a risk that government agencies may access your personal data through the transfer without you having any effective legal protection options. Your data will therefore only be transferred with your explicit consent.

Data processing and legal basis

Our Facebook pages allow us to communicate with you and provide interesting information. In doing so, we may receive further data from you through your comments, shared images, messages and reactions, which we then process to respond or communicate with you.

The usage data of the Facebook pages is used to create evaluations and statistics in the form of page insights, which support us in improving our marketing activities and our public presentation. We can further learn about users and their behaviour who interact with or use our Facebook pages in order to display relevant content and develop features that may be of interest to these people. These page statistics show us, for example, which people of certain target groups interact most with our Facebook pages or which content on the Facebook pages was visited, shared or liked when and how often. When classifying people into target groups, demographic data or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several devices, a cross-device analysis of the data can take place. The data collected in this way is processed statistically and is usually anonymous, which means that we cannot establish a relationship to the individual persons.

Furthermore, Facebook uses cookies and storage technologies on the Facebook pages to analyse and improve the offer. Data processing is carried out with your consent or for the purpose of answering your enquiry (Art. 6 (1) a., b. GDPR) or on the basis of our legitimate interests in improving our service and external presentation (Art. 6 (1) f. GDPR). GDPR).

Your rights and objection, contact

You have the rights set out in this privacy policy. These are to be exercised vis-à-vis Facebook, as explained above.

As a Facebook user, you can influence how your user behaviour is recorded when visiting Facebook pages at any time. To do this, you can manage the settings for advertising preferences in your Facebook account or at www.facebook.com/ads/preferences or the Facebook settings in your account or at www.facebook.com/settings. Facebook also offers options for contacting or exercising rights at www.facebook.com/help/contact/2061665240770586 and https://www.facebook.com/help/contact/308592359910928.

V. Will data be passed on to third parties in addition to the providers mentioned under II?

We work together with external service providers who support us in carrying out the steps necessary for the processing of our service online or offline. As a matter of principle, we only transfer personal data to third parties if this is legally permissible (e.g. for processing the offer on the website in accordance with Art. 6 (1) b. GDPR) or if you have given your explicit consent in accordance with Art. 6 (1) a. GDPR or instruct us to do so. For more information, please contact datenschutz@tobis.de.

VI. Will the data be transferred outside the European Union (EU)?

When using the service, your data may be transferred to third countries, i.e. countries outside the EU, due to the integration of third-party providers.

Services on the website that process data outside the EU

Furthermore, data may be transferred outside the EU when visiting the website, whereby the services of Google, YoutubeMailchimpFacebookOutbrain, as well as the service Twitter, which is connected via social plugins, are affected.

After the ECJ declared the EU-US Privacy Shield Agreement invalid, the USA is an insecure third country in which there is no level of data protection comparable to EU standards. There is therefore a risk that government agencies may access your personal data through the transfer without you having any effective legal protection options. Your data will therefore only be transferred with your explicit consent. In accordance with the EU-US standard contractual clauses, the US companies that offer Outbrain have undertaken to comply with the regulations of data protection corresponding in the EU.

When using Apester data is processed on servers outside of the EU, whereby compliance with the regulations of data protection applicable in the EU is then observed insofar as the processing of the data takes place in Israel.

For more information, please contact datenschutz@tobis.de.

VII. Your rights: information, revocation, changes, corrections and updates, deletion, restriction of processing, data portability, right of complaint

Information, revocation, changes, corrections and updates, deletion, restriction of processing, data portability

In accordance with the statutory provisions, you as the data subject have the right to obtain information about your data processed by us free of charge at any time.

In addition, you can assert your rights to rectification, deletion or restriction of processing or the right to object to us at any time. This also applies to a right to data portability.

If you have provided us with your personal data on the basis of consent, you could revoke this consent at any time for the future.

To exercise your rights, you can contact us by email at datenschutz@tobis.de. If this involves data processing via Facebook pages, this is described under IV.

Right of appeal

You or the data subject have a right of appeal to a supervisory authority of your choice. The supervisory authorities in Germany are the competent (data protection) authorities according to the respective law of the federal states.

A list of data protection authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Duration of storage of personal data; deletion periods

As a rule, we only store your personal data for as long as it is necessary for the performance of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

In the case of longer-term contractual relationships, such as the use of our service, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to inventory data, at most to the statutory retention periods (e.g. in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO)). Criteria for the storage period include whether the data is still current, the contractual relationship with us still exists or whether an enquiry has already been processed or a process has been completed or not and whether statutory retention periods are relevant for the personal data concerned or not.

VIII. Data security, scope, contact person

Data security

For the best possible protection of your data, the website is offered via a secure SSL connection between your server and the browser, i.e. the data is transmitted in encrypted form.

Data on the website is stored exclusively on servers within the European Union (EU), subject to other information to the user.

We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers.

We expressly point out that data protection and data security for data transmissions in open networks such as the Internet cannot be fully guaranteed according to the current state of the art. You are aware that, from a technical point of view, the provider can view the pages stored on the web server and, under certain circumstances, other user data stored there at any time. You are fully responsible for the safety and security of the data you transmit to the Internet and store on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorised access by third parties.

Applicability of the data protection provisions; amendment

The data protection regulations can be viewed and printed out at any time on the website at [https://www.tobis.de/datenschutz/].

We are entitled to change these data protection provisions in compliance with the applicable regulations.

Contact person for data protection

For all questions regarding data protection, you can contact us by email at datenschutz@tobis.de or by using the contact options listed here (https://tobis.de/impressum/).

You can also find our contact information here tobis.de/impressum/. We have appointed an external data protection officer. He can be contacted at datenschutz@tobis.de.