Privacy policy

1. NAME AND ADDRESS OF THE RESPONSIBLE PARTY

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Media Services GmbH
Türkenstraße 89
80799 München
Germany

Phone: +49 (0)89 4132 578 1555
Email: webmaster@pharos.de
Website: www.pharos.de

(hereinafter referred to as "we", "us" or "our")

2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

netvis
Florian Meigel
Alpenstraße 33
83556 Griesstätt
Germany
Tel.: +49 (0)8039 497 0000
E-Mail: datenschutz@pharos.de

3. GENERAL INFORMATION ON DATA PROCESSING

1. Scope of Processing Personal Data

We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly takes place only after the user's consent. An exception applies in cases where prior consent cannot be obtained for actual reasons and the processing of the data is permitted by legal regulations.

2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) sentence 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

3. Data Deletion and Storage Period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.

4. RIGHTS OF THE DATA SUBJECT

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the responsible party:

1. Right to Information

You can request confirmation from the responsible party as to whether personal data concerning you is being processed. If such processing is taking place, you can request information from the responsible party about the following:

• the purposes for which the personal data is being processed;
• the categories of personal data being processed;
• the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage duration;
• the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
• the existence of a right to rectification or deletion of the personal data concerning you, a right to restrict processing by the responsible party, or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• all available information about the origin of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling pursuant to Art. 22 paras. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to Rectification

You have the right to rectification and/or completion by the responsible party if the processed personal data concerning you is incorrect or incomplete. The responsible party must make the correction without delay.

3. Right to Restriction of Processing

Under the following conditions, you can request the restriction of the processing of personal data concerning you:

• if you dispute the accuracy of the personal data concerning you for a period that allows the responsible party to verify the accuracy of the personal data;
• the processing is unlawful, and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
• the responsible party no longer needs the personal data for the purposes of processing, but you need it to establish, exercise, or defend legal claims; or
• if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the responsible party override your grounds.

If the processing of the personal data concerning you has been restricted, this data may only be processed - apart from being stored - with your consent or to establish, exercise, or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a member state. If the restriction of processing was restricted according to the above conditions, you will be informed by the responsible party before the restriction is lifted.

4. Right to Deletion

a) Obligation to Delete

You can request the responsible party to delete the personal data concerning you without delay, and the responsible party is obligated to delete this data without delay if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing was based pursuant to Art. 6 (1) sentence 1 lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
• The personal data concerning you have been processed unlawfully.
• The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union or member state law to which the responsible party is subject.
• 6. The personal data concerning you has been collected in relation to the offer of information society services pursuant to Art. 8 para. 1 GDPR.

b) Information to Third Parties

If the responsible party has made the personal data concerning you public and is obligated to delete it pursuant to Art. 17 para. 1 GDPR, it will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

• to exercise the right to freedom of expression and information.
• to fulfill a legal obligation requiring processing under Union or member state law to which the responsible party is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the responsible party;
• for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing; or
• to establish, exercise, or defend legal claims.

5. Right to Notification

If you have exercised the right to rectification, deletion, or restriction of processing against the responsible party, the responsible party is obligated to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or deletion of data or restriction of processing unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the responsible party.

6. Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the responsible party in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another responsible party without hindrance from the responsible party to which the personal data was provided, provided that

• the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and
• the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one responsible party to another responsible party, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party.

7. Right to Object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The responsible party will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing is for the establishment, exercise, or defense of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option to exercise your right to object in connection with the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications.

8. Right to Withdraw the Data Protection Consent Declaration

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Decision-Making in Individual Cases, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

• is necessary for entering into, or the performance of, a contract between you and the responsible party,
• is authorized by Union or member state law to which the responsible party is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
• is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. With regard to the cases referred to in 1. and 3., the responsible party will implement suitable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the responsible party, to express your point of view, and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The competent supervisory authority for us is:

Bavarian State Office for Data Protection Supervision
PO Box 606
91511 Ansbach

The supervisory authority to which the complaint has been submitted will inform the complainant about the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

5. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. Description and Scope of Data Processing

For technical reasons, in particular to ensure a secure and stable internet presence, data is transmitted by your internet browser.

The following data is collected and transmitted:

• Information about the browser type and version used
• The user's operating system
• The user's internet service provider
• The user's IP addressr
• Date and time of access
• Websites from which the user's system reaches our website
• Websites accessed by the user's system through our website

This data is stored temporarily. This data is not stored together with other personal data of the user.

2. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files is done to ensure the functionality of the website. Additionally, the data helps us optimize the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The Media Services GmbH does not draw any conclusions about the data subject when using this general data and information. Rather, this information is needed to:

• deliver the contents of our website correctly,
• optimise the content of our website and the advertising for it
• ensure the long-term functionality of our information technology systems and the technology of our website, and
• provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

3. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 p. 1 lit. f GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session is ended. In the case of storing data in log files, this is the case after no more than fourteen days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that an assignment of the calling client is no longer possible.

5. Objection and Removal Options

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

6. USE OF COOKIES

1. Description and Scope of Data Processing

Our website uses technically necessary cookies. Cookies are text files stored in or by the internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again. We use cookies to make our website more user-friendly. Some elements of our internet site require that the calling browser be identified even after a page change.

2. Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our internet site cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.

3. Legal Basis for Data Processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of Storage, Objection, and Removal Options

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to fully use all functions of the website.

7. Description and Scope of Data Processing

1. Extent of the processing of personal data

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

• Salutation
• Last name
• First name
• Street
• Postal Code / City
• Country
• Telephone Number
• E-mail address
• Function (optional)
• IP address of the calling computer
• Date and time of registration

During the the registration process, the user's consent to the processing of this data is obtained.

2. Purpose of the Data Processing

Your registration allows for the simplified conclusion of contracts between you and us. Therefore, the processing of your personal data within the scope of the registration is necessary for the fulfillment of a contract between you and us or for the implementation of pre-contractual measures.

3. Legal Basis for Data Processing

The legal basis for the processing of data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent. If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. This is the case for the data collected during the registration process when the registration on our website is canceled or modified. For data collected during the registration process to fulfill a contract or to implement pre-contractual measures, this is the case when the data is no longer necessary for the execution of the contract. Even after the contract has been concluded, it may be necessary to store personal data of the contractual partner to comply with contractual or legal obligations.

5. Objection and Removal Options

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. If the data is necessary for the fulfillment of a contract or the implementation of pre-contractual measures, premature deletion of the data is only possible as long as contractual or legal obligations do not preclude deletion. Further information on the usage can be found at www.cinebridge.io/terms.

8. CONTACT OPTIONS VIA PHONE AND E-MAIL

1. Extent of the processing of personal data

It is possible to contact us via the contact information provided on our website. In this case, the user's personal data transmitted with the contact will be stored. The data is used exclusively for processing the conversation.

2. Purpose of the Data Processing

If you contact us, this also constitutes the necessary legitimate interest in processing the data.

3. Legal Basis for Data Processing

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims to conclude a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. Any additional personal data collected during the contact process will be deleted at the latest after a period of seven days.

5. Objection and Removal Options

The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

9. CONTENT DELIVERY NETWORKS (CDN)

We use a content delivery network ("CDN") from the technology service provider Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA ("Cloudflare"). A CDN is an online service used to deliver large media files (such as graphics, content, or scripts) through a network of regionally distributed and internet-connected servers. Using the Cloudflare CDN helps us optimize the loading speeds of our website.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in ensuring a secure and efficient provision, as well as improving the stability and functionality of our website. A European Commission decision exists that establishes an adequate level of data protection for the USA and serves as a basis for transferring personal data to third countries if the respective service provider is certified under the Data Privacy Framework. Cloudflare, Inc. has obtained this certification.

Additionally, we have concluded standard contractual clauses (SCC) with Cloudflare Inc. for the transfer and processing of your personal data. Further information can be found in Cloudflare's privacy policy at: www.cloudflare.com/privacypolicy/

10. ERROR TRACKING BY ROLLBAR

1. Description and Scope of Data Processing

This website uses the analytics service of Rollbar Inc. (Rollbar, 51 Federal Street, San Francisco, CA 94107, USA). Only in the event of an error are IP addresses, the user agent, and the accessed page transmitted to Rollbar. Additionally, a "Data Processing Agreement" (DPA) has been concluded with Rollbar.

2. Purpose of Data Processing

The purpose of the processing is the technical monitoring of our website and the tracking of error messages to optimize technical stability. This constitutes our legitimate interest in processing your personal data under Art. 6 para. 1 lit. f GDPR.

3. Legal Basis for Data Processing

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f GDPR.

4. Duration of Storage

Your personal data will be deleted as soon as it is no longer needed for the aforementioned purposes. This is the case after 180 days.

11. WEB ANALYTICS MATOMO

1. Description, Scope, and Purpose of Data Processing

This privacy policy describes how we use Matomo to collect and evaluate anonymous information about the use of our website without storing personal data. Matomo is an open-source software by InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand, used to understand and improve the usage behavior on our website. We use Matomo to collect exclusively non-personal data. This means that we do not collect any information that can identify you as an individual. We do not collect IP addresses, names, email addresses, or other personal information. The data collected with Matomo is stored exclusively on our own servers. No data is shared with third parties.

2. Data Collection

• The pages you visit
• The duration of your website visit
• Your web browser used
• Your operating system
• The screen resolution of your device
• The referrer URL (the website from which you accessed our website)
• Search terms you used to find our website

All this data is anonymous and is solely used to understand the general usage behavior on our website and optimize the website for our visitors. Therefore, there are no options for objection or removal. Further information on Matomo's privacy policy can be found here: matomo.org/privacy-policy

12. UPDATING THE PRIVACY POLICY

We regularly review and update our privacy policy to ensure that it complies with current legal requirements and correctly reflects our data protection practices. Changes to this privacy policy will be published on our website. It is therefore advisable to read the privacy policy regularly to stay informed about possible changes. If significant changes are made that affect your rights or the way we process your personal data, we will inform you directly where applicable.

Effective July 2024