The family was Jewish ...
Privacy policy
A. Responsible
The following person is responsible for data processing on our website:
Judith Rosenthal
Kettelerallee 49
60385 Frankfurt am Main
Germany
Tel. +49 (0)69 – 45 61 40
E-mail: info |at| thefamilywasjewish.com.
B. Data processing
I. Subject of data protection
The subject of data protection is personal data. This is individual information about personal or factual circumstances of a specific or identifiable natural person. This includes, for example, information such as name, postal address, e-mail address, or telephone number, but also usage data such as the IP address.
Personal data of our users is collected and used by us only to the extent necessary to provide a functional website and our content and services. The data collection and use, insofar as the data has personal relevance, is regularly only carried out with the consent of the user. As an exception, in cases where prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations, consent is not obtained.
II. Legal basis of data processing
The processing of personal data of visitors to our website is necessary to protect a legitimate interest of our company or a third party. Insofar as the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
III. Deletion of data and duration of storage
The data with personal reference to the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
C. Scope and purpose of data collection and storage
In the following we will inform you about the scope of data collection and storage as well as its use and the purpose of the respective data collection.
I. Log files
When using the website, the following data is automatically collected and stored in a log file on the server:
- Client domain
- Anonymized client IP
- Timestamp
- Request line
- Status code
- Size of the response body
- User agent
- Remote user
The log files of our server contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the Internet page or the link to the website to which the user goes contains personal data.
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR insofar as the interests, fundamental rights, and freedoms of the person concerned do not override our interests.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also result in our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR, insofar as the interests, fundamental rights and freedoms of the data subject do not override our interest.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses are alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
II. E-mail contact
It is possible to contact us via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. The processing of personal data when contacting us by e-mail is solely for the purpose of processing the contact. This results in the necessary legitimate interest in processing the data. For the duration of the legal storage periods subject to § 147 (1) no. 2, para. 3 p. 1 AO [Tax Code], § 257 (1) no. 2, 3, para. 4 HGB [German Commercial Code] (6 years), e-mails are archived within the framework of the legal storage obligations.
III. Vimeo
We use Vimeo for the playback of the videos. There is a data transfer to the USA. The privacy policy of Vimeo can be found at: https://vimeo.com/privacy. The purpose of the data processing is the playback of the film. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
IV. Limit Login Attempts Reloaded
The website uses the security plugin “Limit Login Attempts Reloaded” to limit login attempts or block them if necessary. IP addresses collected for this purpose are displayed completely anonymously. The storage is based on Art. 6 (1) (f) GDPR, for the purpose of protecting the website from unauthorized access to the administration interface.
D. Rights of the data subject
If personal data of yours is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:
I. Right to information
You may request confirmation from us as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information from us about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
II. Right to rectification
You have a right to rectification and/or completion if the processed personal data concerning you is inaccurate or incomplete. We shall carry out the rectification without undue delay.
III. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise, or defense of legal claims; or
(4) if you have objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds.
If the processing of personal data concerning you has been restricted, such data may—apart from being stored—only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
IV. Right to deletion
(1) You may request that we delete the personal data concerning you without undue delay, and we are obliged to delete such data without undue delay if one of the following reasons applies:
a. the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
b. you revoke your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
c. you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
d. the personal data concerning you has been processed unlawfully.
e. the erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
f. the personal data concerning you has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.
(2) Information to third parties
If we have made the personal data concerning you public and we are obliged to erase it pursuant to Art. 17(1) GDPR, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.
(3) Exceptions
The right to erasure shall not apply to the extent that the processing is necessary
a. to exercise the right to freedom of expression and information;
b. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c. for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
e. for the assertion, exercise, or defense of legal claims.
V. Right to information
If you have asserted the right to rectification, erasure, or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed by us about these recipients.
VI. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that
(1) the processing is based on consent pursuant to Art. 6 para. 1 (a) GDPR or Art. 9 para. 2 (a) GDPR or on a contract pursuant to Art. 6 para. 1 (b) GDPR and
(2) the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you to be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
VII. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
VIII. Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.
IX. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
To exercise the aforementioned rights, please contact the abovementioned contact address. If you have any further questions about data protection or this privacy policy, please feel free to contact us at any time via the above e-mail address.