As of January 2020
Table of contents
1. Joint controllers of personal data
The purposes and means of processing personal data when visiting our Facebook page https://www.facebook.com/TeamARRI/ ("Facebook page") are jointly determined by ARRI AG, Herbert-Bayer-Str.10, 80807 München, Germany ("ARRI AG")
and Facebook Ireland Ltd. ("Facebook") in accordance with Art. 26 of the EU General Data Protection Regulation (GDPR). This results from the fact that ARRI AG, as the operator of the Facebook page, by setting up such a page, allows Facebook to place cookies on the computer or any other device of the person visiting the Facebook page ("Visitor"), regardless of whether the Visitor has a Facebook account or not.
Facebook assumes primary responsibility under the GDPR for the processing of Insights data and fulfils all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Facebook makes the essentials of this Page Insights supplement available to the data subjects (the corresponding "Page Insights Controller Addendum" can be found here: https://www.facebook.com/legal/terms/page_controller_addendum).
We would like to point out that you use this Facebook page and its functions within your own responsibility. This applies in particular to the use of interactive functionalities (e.g. commenting, sharing, rating).
2. Name and address of the joint controllers
a) The primary controller is:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
b) The other controller is:
Tel.: +49 89 3809-0
3. Contact possibilities of the data protection officer of the primary controller Facebook
You can contact the data protection officer of the primary controller Facebook under the following link:
4. Name and address of the data protection officer of the other controller
You can reach the data protection officer of the other controller ARRI AG for 2.b) at:
Dachauer Str. 65
+49 89 7400 45840
5. Legal basis for the processing of personal data
If the consent of the data subject is obtained for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a (GDPR) serves as the legal basis for the processing of personal data.
Art. 6 para. 1 sentence 1 lit. b GDPR serves as a legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations required to carry out pre-contractual activities.
If the processing of personal data is necessary to fulfill a legal obligation to which ARRI AG or Facebook is subject, Art. 6 Para. 1 S.1 lit. c GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 s. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of ARRI AG, Facebook or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the legitimate interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
6. Possibility of objection and removal
The visitor has the possibility to revoke his consent to the processing of personal data at any time (see also rights of the data subjects). If the visitor contacts us by Email, he can object to the storage of his personal data at any time.
The collection of data for the provision of the Facebook page and the storage of data in log files is mandatory for the operation of the Facebook page. Consequently, there is no possibility for the visitor to object.
7. Rights of the data subject
If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights regarding those responsible:
Right to information about your personal data stored at ARRI AG or Facebook;
Right to correction, deletion or restriction of the processing of your personal data;
Right to object to a processing that serves the legitimate interest of ARRI AG or Facebook, a public interest or profiling, unless ARRI AG or Facebook can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims;
Right to data transferability;
Right to complain to a supervisory authority;
Right to revoke your consent to the collection, processing and use of your personal data at any time with effect for the future.
If you wish to make use of your rights, you can address your request to ARRI AG as well as Facebook. For this you can use for example the contact possibilities listed above. If you contact us, we will forward your request to Facebook as far as questions regarding the processing of Insights data are concerned. Facebook will respond to enquiries in accordance with our obligations under the Page Insights Supplement.
II. PROCESSING OF PERSONAL DATA BY ARRI AG
1. Purpose of the data processing
ARRI AG maintains web presences within social networks in order to communicate with interested parties and active users and to inform about our products, events and news.
When you access our Facebook page (regardless of whether you are logged into your Facebook account or not), your browser transmits certain technical data to the web server for which Facebook is responsible. Facebook also uses so-called "cookies". Cookies are small text files that are stored in the memory of your device via your browser. Cookies set by Facebook are intended, among other things, to enable ARRI AG, as the operator of the Facebook page, to obtain statistics for the purpose of controlling the marketing of our activities, which Facebook compiles on the basis of visits to this page.
2. Description and scope of data processing
As the operator of the Facebook page, ARRI AG can use the Facebook Page Insights function, which Facebook makes available to us free of charge as an indispensable part of the user relationship, to obtain anonymous statistical data regarding visitors to our Facebook page. This data is collected using cookies set by Facebook, which each contain a unique user code and that are stored by Facebook on the visitor's device. The user code that can be linked to the login information of those users that are registered on Facebook is collected and processed when they visit the Facebook Page.
In particular, the Facebook fan page operator may receive demographic information provided by Facebook about its target audience - and thus the processing of that information - including trends in age, gender, relationship status and professional situation, information about the lifestyle and interests of its target audience, and information about the purchases and online purchasing behavior of visitors to its site, the categories of goods or services that interest them most, and geographic information that informs it of where to conduct special promotions or organize events and generally enables it to target its information offering as effectively as possible.
Although the visitor statistics compiled by Facebook are transmitted exclusively in anonymous form to ARRI AG as the operator of the Facebook page, the compilation of these statistics is based on the previous survey - using cookies set by Facebook on the visitor's device - and the processing of the personal data of these visitors for these statistical purposes. More information about Facebook Page Insights can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data
In addition to this automatically collected anonymous data, we also process the data that you have voluntarily provided us with, e.g. comments on posts or contacts.
3. Data removal and storage duration
Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also be necessary if provided for by European or national lawmakers in Union regulations, laws or other rules to which ARRI AG is subject. The data shall also be deleted or the processing shall be restricted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
III. PROCESSING OF PERSONAL DATA BY FACEBOOK
1. Purpose of the data processing
Facebook processes visitors' personal data according to its own specifications for the following purposes:
o Deployment, personalisation and enhancement of Facebook products;
o Provision of metrics, analysis and other Facebook services;
o Promotion of protection, integrity and security;
o Communication with Facebook users;
o Research and innovation for social purposes.
Further information on Facebook's legitimate interests with regard to the processing of personal data can be found here: https://www.facebook.com/about/privacy/legal_bases
2. Description and scope of data processing
a) What type of information does Facebook process?
To provide Facebook products, it is necessary for Facebook to process information about visitors. The types of information that Facebook collects depends on how visitors use Facebook products. The following information can be processed by Facebook:
Anything generated and provided by visitors and others, such as information about how the visitor uses Facebook products, information about transactions done on Facebook products, or information about the people, pages, accounts, hashtags, and groups with which the visitor is connected.
Device information such as device properties, identifiers, network and connections, and cookie data.
Partner information that allows advertisers, app developers and publishers to send information to Facebook through the Facebook business tools they use, including social plugins (such as the "Like" button), Facebook login or Facebook pixel. These partners provide Facebook with information about the visitor's activities outside Facebook.
When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. In addition, Facebook stores information about its users' devices (e.g. as part of the "registration notification" function); Facebook may thus be able to assign IP addresses to individual users.
If you want to avoid this, you should log out of Facebook or deactivate the function "stay logged in", delete the cookies on your device and close and restart your browser. Thus, information that Facebook can use to identify you is deleted. This allows you to use our Facebook page without revealing your Facebook account. When you access the interactive features of the page (like, comment, share, news, etc.), a Facebook login screen appears. After an eventual login, you will again be recognizable for Facebook as a specific user.
For information on how to manage or delete existing information about you, please visit the following Facebook Support pages: https://de-de.facebook.com/about/privacy.
b) How is the information processed by Facebook shared with others?
Facebook works with third-party partners who help Facebook deliver and enhance its products or use Facebook business tools to grow business. Facebook may share information with the following third parties:
o Partners who use Facebook analysis services;
o Partner for metrics;
o Partners who offer goods and services in Facebook products;
o Vendors and service providers;
o Researchers and scientists;
o Law enforcement authorities or legal inquiries.
c) How does Facebook process and transmit data as part of its global services?
Facebook shares information worldwide, both internally between Facebook companies and externally with its partners, as well as with those individuals or organisations with whom the visitor connects around the world and with whom the visitor shares something. Data may also be transferred to and processed in the USA or other third countries that do not have an adequate level of data protection. In this regard, Facebook uses standard contractual clauses approved by the European Commission or relies on the European Commission's adequacy decisions regarding certain countries.
Facebook Inc. the US-American parent company of Facebook is certified under the EU-U.S. Privacy-Shield and thus gives the promise to adhere to European data protection guidelines. More information about Facebook's Privacy Shield status can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
3. Data removal and storage duration
Facebook stores data until it is no longer needed to provide its services and Facebook products, or until the user's Facebook account is deleted, whichever comes first. This is a case-by-case determination and depends on such things as the nature of the data, why it is collected and processed, and the relevant legal or operational storage needs.