1. Data Protection 1. Data controller
We, CHAMÄLEON Productions GmbH, Rosenthaler Str. 40/41, 10178 Berlin, maintain social media pages on the networks of Facebook, Instagram and Twitter. As the operator of these pages, we are joint data controllers together with the respective network operators
• Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter: Facebook br /> • Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter: Instagram br /> • Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, hereinafter: Twitter within the meaning of Art. 4 No. 7 General Data Protection Regulation (GDPR).
As the joint data controller of these pages with the network operators we have reached agreements, which among others regulate the terms and conditions for the use of pages and similar presences. The following agreements are respectively decisive:
Twitter: The General Business Terms of Twitter and the policies to which reference is made therein
When visiting our social media pages personal data of the page visitors are processed by the data controllers as follows.
2. Use of Insights, analyses and cookies
In connection with the operation of our social media pages we use the analysis functions provided there in order to receive statistical evaluations regarding the users of our social media pages.
Cookies and similar technologies such as Pixel are used by the network operators for this purpose when visiting our pages and a clear user code is respectively created. This user code can be linked with the data of those users, who are registered with the platform operators.
3. Purposes of the processing
The processing of this information should, on the one hand, enable the network operators among others to improve their system of advertising, which they distribute via their networks. On the other hand, they should enable us as the operator of the social media pages to receive statistics, which are created based on the visits to our social media pages. The aim of this is to control the marketing of our activity. For example, this way it is possible for us to gain knowledge of trends of the profiles of the visitors, who appreciate our social media pages or use applications of the pages in order to make relevant contents available to them and to be able to develop functions, which could be of major interest for them.
In order for us to be able to be in a better position to understand how we can promote our business objectives with our social media pages, moreover, based on the collected information demographic and geographical evaluations are also created and made available to us. We can, for example, use this information in order to place specific interest-based advertisements. However, we do not receive any direct knowledge in this case about the identity of the visitor. If visitors use social media services on several terminal devices the collection and evaluation can also be carried out cross-device and, if applicable, cross-platform if it concerns registered visitors who are respectively logged into their own profile.
The created visitor statistics are exclusively transmitted to us in an anonymised form and we have no access to the respective underlying data.
We furthermore use our social media pages to communicate with our customers, interested parties and users and to inform about our range of services. In this context, if applicable, we receive further information, e.g. owing to user comments, private messages or because you follow us or share our contents. The processing is exclusively carried out for the purpose of communication and interaction with you.
4. The legal basis and legitimate interests
We operate our social media pages in order to present ourselves to the users of these platforms as well as other interested persons, who visit our social media pages and to communicate with these persons. The processing of the personal data of the users is carried out on the basis of our legitimate interests in an optimised company and product presentation (Art. 6(1)(1)(f) GDPR).
5. Forwarding of data
With Facebook, Instagram and Twitter there is the possibility that some of the collected information is also processed outside of the European Union in the USA.
The USA constitute a so-called unsafe third country. A third country shall be deemed unsafe if the EU Commission has not issued an adequacy decision for such a country in accordance with Article 45(1) GDPR, confirming that appropriate protection is in place for personal data in that country.
With the ECJ judgement of 16 July 2020 (C-311/18), the (partial) appropriateness decision for the USA, the so-called Privacy Shield, was declared null and void. No level of data protection is offered in the USA that would be compared with that in the EU. The following risks apply in the case of forwarding personal data to the USA. The risk that US American authorities can gain access to the personal data as a result of the monitoring programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act) and based on the Executive Order 12333 or the Presidential Police Directive 28. EU citizens do not have any effective legal protection options in the USA or the EU against such access.
Facebook und Instagram: : Facebook Ireland Ltd. transfers data on the basis of the standard contractual clauses approved by the European Commission to Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, US (hereinafter: Facebook Inc.), with its registered seat in the USA. We have no influence on these processing operations. We, ourselves, do not forward any personal data, which we receive via our Facebook page.
Twitter: Twitter transmits data on the basis of the standard contractual clauses approved by the European Commission to the Standardvertragsklauseln Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We have no influence on this processing. We, ourselves, do not forward any personal data, which we receive via our presence on Twitter.
6. Nature of the joint responsibility / assertion of rights of data subjects
With the agreement, which we have reached with Facebook and Instagram for our Facebook and Instagram presences, the operators recognise the joint responsibility under data protection law with a view to so-called Insights data and assumes essential obligations under data protection law to inform data subjects, for data security and to report breaches of data protection. In addition it is stipulated in the agreement with Facebook that Facebook is the prime contact with regard to the safeguarding of rights of data subjects (Art. 15 – 22 GDPR). Since, as the provider of the social network, Facebook alone has direct access possibilities to necessary information and can moreover directly take measures that may be necessary and provide information. Should it nevertheless be necessary for us to provide support we can be contacted at any time.
7. Possibilities for objection
You are in particular entitled to the following possibilities for objection:
Facebook und Instagram: Users of Facebook and Instagram can use the settings for advertising preferences to influence the extent to which their user conduct may be recorded on their visit to our Facebook page or Instagram profile. Further possibilities for objection are offered by the Facebook settings or the form provided via Facebook for the right to object. Settings for Instagram can also be made via the form.
Twitter: The processing of Twitter can be partially objected to via the settings in your Twitter account. You can find more information in this respect here.
8. Further information
Further information relating to our contact data, the rights of data subjects towards us and how personal data are otherwise processed by us, can be obtained in the data protection information on our Webseite.
You can find further information relating to the handling of personal data in the privacy policies of Facebook, Instagram and Twitter.
This data protection information has the status of November 2020.