As the operator of the streaming platform at stream.alefcinestream.com and the AlefCine Stream mobile app (hereinafter referred to as the “Platform”), we are the data controller within the meaning of applicable data protection law, in particular the General Data Protection Regulation (“GDPR”), for the personal data of the user (“you”) of this Platform.
Below, we provide you with clear information in accordance with our disclosure obligations (Art. 13 et seq. GDPR) regarding which data is processed when you visit our Platform and on what legal basis this occurs. You will also receive information about the rights you have vis-à-vis us and the competent supervisory authority.
1. Information about the Data Controller
AlefCine Stream GmbH, represented by Managing Director Ali Schmahl
Krefelder Str. 13, 10555 Berlin, Germany
Email: stream@alefcine.com
2. Use of our Platform
a. Registration
To use our Platform, you must create a user account. To do so, we collect your contact information (email address) as well as authentication data for your login (password). Depending on how you subsequently set up your account and payment method and which features you use, we also collect the following data:
· Any additional identifiers you provide
This data is stored for as long as your user account exists with us and is deleted following the deletion of your user account (e.g., after termination). The registration data is processed for the purpose of setting up the user account and for the preparation and execution of the contractual relationship between you and us, in accordance with Art. 6(1)(b) GDPR.
b. App Download
We offer our Platform via our own web app as well as mobile apps for Android, Android TV, iOS, and Apple TV. To download and install the mobile app from an app store (Google Play, Apple App Store, or another app store via your Smart TV), you may first need to register for a user account with the provider of the respective app store and enter into a corresponding user agreement. We have no influence over the content of such agreements; in particular, we are not a party to such user agreement.
When downloading and installing the app, the necessary information is transmitted to the respective app store provider (e.g., Google or Apple), specifically your username, your email address, and the customer number of your app store account, the time of the download, and the unique device identifier. We have no influence over this data collection and are not responsible for it. We process this provided data only to the extent necessary for downloading and installing the app on your mobile device (e.g., iPhone, iPad, or Android device). Beyond that, we do not store or otherwise process this data.
c. Payment
If you order paid content, you must first enter into a corresponding user agreement with us regarding the respective paid content. The relevant details are contained in the Terms of Service at stream.alefcinestream.com/tos and in the respective service descriptions for the content.
We use the services of Stripe Payments Europe, Ltd., The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (“Stripe”) to process payments. We do not store any credit card information in connection with the processing of payment. Instead, credit card data or bank account information is transmitted directly to Stripe. For further information on data processing by Stripe, please refer to Stripe’s Privacy Policy at https://stripe.com/en-it/privacy.
Stripe collects additional data for its own purposes, such as fraud prevention, product development, and marketing. This includes, in particular, technical usage data (IP address, device identifier, or operating system information).
Data processing by Stripe takes place in part on servers in the United States. In the event that personal data is transferred from Stripe Payments Europe Ltd. to Stripe Inc. in the United States, the data transfer is justified by the adequacy decision for the United States based on Stripe Inc.’s certification under the EU-US Data Privacy Framework (“DPF”).
Once the payment has been processed, you will receive a payment receipt via email. Stripe notifies us of the payment receipt, and we store the information regarding the payment receipt, as well as details about the ordered content or the type of subscription, the term, the fee, cancellation conditions, and the selected payment method in connection with your user account in order to assign and verify received payments and to manage your ordered content in your user account. For accounting purposes, information regarding completed payments is retained in conjunction with the registration data for a period of six years. The legal basis for this retention is Article 6(1)(c) of the GDPR in conjunction with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO).
d. Your Interaction with the Platform
When you use our Platform, we process data regarding your interaction with the Platform. This includes:
· Playback events such as play, pause, etc.
· the selections you make when using interactive titles
· your playback history, search queries on the Platform, and other data regarding your use of and interaction with the Platform.
This data is stored for as long as your user account with us exists and is deleted following the deletion of your user account (e.g., after termination). The registration data is processed to provide the functions of our Platform (e.g., resuming playback at a later time) and is therefore based on the legal grounds of Article 6(1)(b) of the GDPR for the fulfillment of the contractual relationship between you and us, as well as on our legitimate interest in providing the Platform and optimizing its functionalities (Article 6(1)(f) of the GDPR).
e. Device and Network Data
When you access our Platform via our web app or a mobile app, device and network data from the devices you use to access our Platform are processed.
This includes, in particular, the following data:
· Device IDs or other unique identifiers
· Standard website log data (e.g., type of web browser used; language and version of the web browser used; pages visited) or mobile app log data
· Device and software characteristics (e.g., device name, operating system and its version; operating system interface)
· App version and application ID to identify your app installation
· Timestamps (date and time of access, time zone difference from Greenwich Mean Time (GMT), and approximate geolocation
· Connection data (Wi-Fi, mobile data, user’s internet service provider)
· Access status/HTTP status code
· Amount of data transferred
· Success or failure of the loading process
· Referrer (websites and search queries you visited/made before arriving on our Platform)
· Activities on the Platform, including button clicks, mouse movements, scrolling, and non-sensitive keyboard input
This data is temporarily stored in internal log files. The log files contain your IP address and may contain other personal data. Therefore, it is generally possible to link this data to you.
However, we only store your data temporarily and, in particular, not together with other personal data. The data is deleted as soon as you leave the Platform. The temporary processing and storage of the aforementioned data is necessary to provide our Platform, ensure its continuous functionality and availability, and guarantee the security of our IT systems. These purposes also constitute our legitimate interest in processing the data on the legal basis of Article 6(1)(f) of the GDPR.
3. Hosting of our Platform
Our Platform is hosted on the servers of Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA (“Vimeo”). This means that the data we collect when you visit and use the Platform is stored on our host’s servers in the United States.
The legal basis for processing your personal data is Article 6(1)(f) of the GDPR, as it is in our legitimate interest to use the services of a professional provider to ensure the secure and efficient provision of our Platform. We have entered into a data processing agreement with Vimeo. Vimeo is certified under the DPF.
4. Third-party Providers
a. Mailchimp Webhook and Zapier
To send Terms and Conditions, contract-related documents, and legal texts, we use a webhook service provided by Intuit Inc., 2700 Coast Ave, Mountain View, CA 94043, USA (“Intuit”).
In this context, the data you provide when entering into a contract (e.g., name, email address, and, if applicable, contract details) is transmitted to Mailchimp to enable the sending of the relevant documents.
To integrate and forward this data, we also use the service provided by Zapier Inc., 548 Market St #62411, San Francisco, CA 94104, USA (“Zapier”). Zapier acts as a technical interface through which data is received from our Platform and transmitted in a structured format to Mailchimp for further processing.
Processing is carried out for the purpose of implementing pre-contractual measures or fulfilling the contract in accordance with Art. 6(1)(b) GDPR, as well as on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR in efficient and automated communication processing. We have entered into a data processing agreement with Intuit and Zapier in accordance with Art. 28 GDPR. Both Intuit and Zapier are certified under the DPF.
b. Vimeo
We use the video service provided by Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, New York 10001, USA (“Vimeo”), to provide video content on our Platform, including the use of digital rights management. When accessing this content, which is played via Vimeo, personal data (in particular IP address and, if applicable, other usage data) is transmitted to Vimeo.
To the extent that the use of the Platform would not be possible as intended without the integration of Vimeo, in particular when Vimeo is used to provide and play video content, the processing of personal data is carried out to fulfill the contract with you (Art. 6(1)(b) GDPR).
We have entered into a data processing agreement with Vimeo in accordance with Art. 28 GDPR. To the extent that Vimeo, in turn, uses additional third-party service providers (sub-processors), you can find information about these additional third-party service providers as well as about data processing by Vimeo in Vimeo’s privacy policy (https://vimeo.com/legal/privacy/policy#id-5.-with-whom-we-share-your-data).
5. Customer Support
You have the option to contact us via Vimeo by email. We will store the personal data you provide in this manner. The data will be processed solely for the purpose of properly handling your inquiry, which is in our legitimate interest. The legal basis for the processing of your personal data is Article 6(1)(f) of the GDPR. The data will be stored until it is no longer necessary to achieve the purpose of the conversation with you and the matter regarding your inquiry has been fully resolved.
If your request is intended to execute a contract with us, the additional legal basis for processing your personal data is Article 6(1)(b) of the GDPR. This data will be stored for as long as it is necessary to perform the contract or to take pre-contractual measures. Beyond that, we store your data only to comply with legal obligations (e.g., tax obligations) (Art. 6(1)(c) GDPR).
You may notify us at any time (see section 1 above) that we should delete the data provided during the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted, and it will not be possible to continue the conversation.
6. Newsletter
We offer you the option to subscribe to our newsletter free of charge on our Platform. In addition to your declaration of consent, we require your email address for this purpose.
We will only send you the newsletter once you have confirmed your subscription by clicking the link provided in the confirmation email sent to you for this purpose. This is to ensure that only you can subscribe to the newsletter. Your confirmation must be provided promptly after receiving the confirmation email; otherwise, your newsletter subscription will be automatically deleted from our database. You may also be informed about new content via email without this so-called “double opt-in,” unless you expressly state that you do not wish to receive such emails (so-called opt-out).
The legal basis for sending the newsletter and the associated processing of any additional voluntary information is Article 6(1)(a) of the GDPR. By submitting your newsletter subscription, you consent to the processing of your data by us. Information about new content that does not require your opt-in is covered by § 7 Section 3 UWG.
In addition, as part of your newsletter registration, we store the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR to ensure the security of our systems and prevent misuse. In the confirmation email sent for verification purposes, we also store the date and time you clicked the confirmation link and your IP address.
Your data is processed exclusively in connection with the sending of newsletters. The purpose of processing your email address is to enable us to send you the newsletter. Additional data collected during the registration process is used either to address you personally or to ensure the security of our services and prevent misuse of the email address provided.
Your data will only be stored for as long as necessary to achieve the intended purpose. Your email address will therefore be stored for the duration of your active newsletter subscription, provided you have given your consent. The data we additionally collect automatically during your registration (IP address, date, and time) will be deleted at the latest when you cancel your newsletter subscription. Data stored by us for other purposes remains unaffected by this.
RIGHT TO WITHDRAW CONSENT / Unsubscribe from the Newsletter
You can unsubscribe from our newsletter at any time. You will find the link to do so at the end of each newsletter. By doing so, you revoke your consent with future effect or object to the further use of your data for the purpose of sending the newsletter. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation
Newsletter Service Provider
To send the newsletter, we use the Mailchimp newsletter service provided by Intuit Inc., 2700 Coast Ave, Mountain View, CA 94043, USA (“Intuit”).
It is in our legitimate interests to use a professional provider for sending the newsletter (Art. 6(1)(f) GDPR).
We have entered into a data processing agreement with Intuit in accordance with Art. 28 GDPR.
7. Contact for Reporting Illegal Content
If you believe that content on our Platform infringes the rights of third parties, you can contact us directly by sending an email to stream@alefcine.com , including your name. To enable us to identify and review the content, the report must include a link to the content and the reason why you believe the content is unlawful. The legal basis for this processing is Article 6(1)(f) of the GDPR, our legitimate interest in providing lawful content and preventing legal violations.
8. Your Rights
When we process your data, you are a “data subject” within the meaning of the GDPR. You have the following rights: the right of access, the right to rectification, the right to restriction of processing, the right to erasure, the right to be informed, and the right to data portability. In addition, you have the right to object, the right to withdraw consent, and the right to lodge a complaint with the supervisory authority.
Below you will find some details regarding each of these rights:
a. Right of Access
You have the right to request confirmation from us as to whether we are processing your personal data. If we are processing your personal data, you have the right to obtain information, in particular, regarding the purposes of processing, categories of personal data, recipients or categories of recipients, and, where applicable, the duration of storage.
b. Right to Rectification
You have the right to have the data we have stored about you corrected and/or completed if this data is inaccurate or incomplete. We will correct or complete the data without delay.
c. Right to Restriction of Processing
Under certain conditions, you have the right to request that we restrict the processing of your personal data. One example of this is if you dispute the accuracy of your personal data and we must verify its accuracy for a certain period of time. For the duration of the verification, your data will only be processed to a limited extent. Another example of restriction is if we no longer need your data, but you require it for a legal dispute.
d. Right to Erasure
In certain situations, you have the right to request that we erase your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected it, or if we have processed your data unlawfully. Another example would be if we process your data based on your consent, you withdraw your consent, and we do not process the data based on any other legal basis. However, your right to erasure does not always apply. For example, we may process your personal data to comply with a legal obligation or because we need it for a legal dispute.
e. Right to Information
If you have exercised your right to rectification, erasure, or restriction of processing against us, we are obligated to notify all recipients to whom we have disclosed your personal data of the rectification, erasure, or restriction of processing of your data, unless this proves impossible or involves disproportionate effort.
f. Right to Data Portability
Under certain conditions, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and the right to have this data transmitted to another controller. This applies when we process the data either based on your consent or based on a contract with you, and when we process the data using automated means.
You have the right to request that we transmit your personal data directly to another controller, provided this is technically feasible and does not infringe upon the freedoms and rights of others.
g. Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
Following an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling to the extent that it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.
h. Right to Withdraw Consent
Pursuant to Art. 7(3) GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not render the lawfulness of the processing retroactively invalid.
i. Right to lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you may exercise your right to lodge a complaint in the Member State of your residence, your workplace, or the location of the alleged violation if you believe that the processing of your personal data violates the GDPR.
An overview of the respective state data protection officers and their contact information can be found at the following link:
a. Use of Cookies
We use cookies on our Platform. Cookies are text files that are sent from our web server to your browser when you visit our Platform and are stored on your computer by your browser for later retrieval. Cookies are then sent to our Platform’s server with every server request or page view. A cookie allows your internet browser to be identified when you visit the Platform again. Some of the features we have integrated into our Platform also use web storage objects. These function similarly to cookies but are cached in your browser and are generally not transmitted to the server.
There are session cookies, which are deleted when you close your browser, and there are persistent cookies, which are stored on your hard drive until their preset expiration date is reached or until you actively delete them. With web storage objects, a distinction is made between local storage objects, which never expire, and session storage objects, which are deleted when you close your browser.
Cookies are categorized as first-party cookies (visible only from the domain you are currently visiting) and third-party cookies (visible across domains and regularly set by third parties).
Cookies and web storage objects are divided into the following categories:
Technically necessary: These are essential for navigating the Platform, using basic functions, and ensuring the Platform’s security; they neither collect information about you for marketing purposes nor store which websites you have visited. The legal basis for setting technically necessary cookies and web storage objects is Section 25(2) of the TTDSG.
Optional: These serve, for example, analytical and marketing purposes and the display of external content such as videos. Analytical cookies and web storage objects collect information about how you use the Platform, which pages you visit, and, for example, whether errors occur during Platform use. Marketing cookies and web storage objects are used to display targeted advertising on the Platform or offers from third parties and to measure the effectiveness of these offers. These are technologies that are not technically necessary. The legal basis for setting these cookies and web storage objects is therefore your consent in accordance with Section 25(1) of the TTDSG.
Please note the following: You can ensure that no cookies or similar technologies are stored on your computer at all, or that only certain cookies are permitted to be stored. You can select this in your internet browser settings. There, you can also view and delete the stored cookies. If you block all cookies, it is possible that not all functions of our Platform will be available to you.
b. Option to Revoke Consent and Delete Cookies
As stated at the beginning of this section, you can enable or restrict the use of cookies and similar technologies by changing the settings in your web browser. You can delete cookies and web storage objects that have already been stored by your web browser at any time. If cookies and web storage objects are restricted or disabled for our Platform, you may not be able to use all its features.
c. Information about Cookies and Web Storage Objects on our Platform:
For cookies and similar technologies used in connection with the embedding of videos on our Platform, please refer to Vimeo’s Cookie and Privacy Policy, which contains further information on data processing (https://vimeo.com/legal/privacy/cookies).
