Responsible Party

Internationales Filmfest Braunschweig e.V. ( hereafter referred to as "Verein" [regd. association])
Neue Straße 8
38100 Braunschweig
Phone: +49 (0)531 / 702 202 0
Fax: +49 (0)531 / 702 202-99


Registration Court: Amtsgericht Braunschweig (Local District Court Braunschweig)
Registration Number: VR 3342
Youth Protection Officer: Fabian Schauren jugendschutz(at)
Data Protection: privacy(at)

Board of Directors (Vorstand)

Thorsten Rinke (chairman)
Florence Houdin (chairwoman)
Clemens Williges (secretary)
Frank Beyer (treasurer)
Andreas Richter (committee member)
Daniela Beier (committee member)

Responsible for the content according to § 55 Section 2 RStV: Vorstand Internationales Filmfest Braunschweig e.V.

Status: 22nd of September 2022

Data Protection Declaration

In the event of any conflict between the German language version of this declaration and its English translation, the original German language version shall prevail. 

General information regarding data processing, legal basis and security of personal data

This data protection declaration informs you how we use the personal data we collected from you when visiting our websites as part of our online offer, including connected websites. You have the right to request information about your personal data in our records at any time. This service is free of charge. The data protection declaration is effective for the use of the following websites:,, my.filmfest-braunschweig.de, and, as well as for our social media presence, hereafter referred to as “online presence”. 

The operators of our online services are committed to protecting the privacy of your personal data. We will treat your personal data confidentially and in compliance with statutory data protection regulations as well as this data protection declaration.  When visiting the networks and platforms, terms and conditions as well as the data processing guidelines of the respective operator apply.

The data processed within the framework of our online services are as follows: personal user identification information (e.g. name and address), contract data (e.g. accreditations, payment information), usage data (e.g. the visited websites of our online offer, interest in our program), and content data (e.g. the information entered in the contact form).

The term “user” applies to all categories of persons who access our online services and therefore are subject to the processing of data. This includes our business partners, customers, interested parties, and other visitors to our online offer.

We would like to point out that data transmission via internet (e.g. as part of communication per email) may have security breaches. Complete data protection against access by third parties is not possible and cannot be guaranteed. 

Our Websites use SSL/TLS encryption for secure transmission of your personal data and other confidential material (e.g. orders/reservations or inquiries to a designated person). You can recognize an encrypted connection by its starting character sequence "https://" and the lock icon in your browser address bar.

Disclosure of data to third parties and third-party providers

A disclosure of data to third parties only takes place within the framework of the legal requirements. We disclose user data to third parties exclusively for contractual purposes, e.g. on the basis of Art. 6 Section1 (b) of the EU-GDPR (hereafter referred to as GDPR) or on the basis of legitimate interests in the commercial and effective operation of our business activities in accordance with Art. 6 Section1 (f ) of the GDPR.

If we use subcontractors who help us to provide our services, we shall, in accordance with the relevant statutory provisions, take appropriate legal as well as technical and organizational measures to ensure the protection of your personal data.

If, within the framework of this data protection declaration, we use content, tools or other means from any other provider (hereafter referred to as “third party provider”) and the indicated headquarters are situated in a third country, it can be assumed that the data transfer will take place in the country of the third party provider’s headquarters. Third countries are those countries which are situated outside the European Economic Area and are not subject to EU-jurisdiction, i.e. countries in which the GDPR is not directly applicable. The transfer of personal data in third countries only takes place if there is an appropriate level of data protection, the user’s consent or another form of legal permission.

Collection of personal data when visiting our websites


When visiting the Verein's websites, your internet browser automatically sends data to our webserver. The following data is automatically collected and stored:

IP address

Date and time of the request

Time difference to Greenwich Mean Time (GMT)

Content of request (specific page)

Access status/ http-status code

Transferred data volume

Website from which the request has been sent


Operating system and its interface

Language and version of browser software

The log file information is stored for security reasons (e.g. for the detection of acts of abuse or fraud) for a maximum of thirty days. Data, whose further storage is required for purposes of proof is excluded from deletion until the incident in question is definitively clarified. The collected data will not be combined with other data sources. We will evaluate the data in anonymized form for statistical purposes.


Cookies are information, which is transferred from our web server or from web servers of third parties to your web browser and stored there for later access. 

We use “session cookies“, i.e. cookies which are valid only for the duration of your current visit to our website (e.g. to store your login status or the shopping cart function so that you are able to use of our online offer). A session cookie stores information in form of a unique, randomly generated session identification, known as a session ID. Additionally, a cookie contains the information about its origin and the storage period. These cookies are not able to store any other data. Session cookies are deleted as soon as you have ended your visit to our online offer, i.e. when you have logged out or have closed the browser.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the browser settings. Stored cookies can be deleted in the browser settings. Blocking cookies can lead to functional limitations of the online offer.

Initiating contact

When contacting us (via social media or email) your user information is processed in accordance with Art. 6 Section 1 (b) of the GDPR in order to respond to and handle the contact request. We will store your information from the request form, including the contact details provided by you, in order to process the inquiry and in case of follow-up questions. We will not disclose this data without your consent.

Comments, Ratings and contributions

If users leave comments, ratings or other contributions, their IP address will be stored for 30 days to protect our legitimate interests in accordance with Art. 6 Section 1(f) of the GDPR.

This provision is a security measure: Since we are accountable for the content of our websites, we have a legitimate interest in identifying anyone who transmits illegal content through comments or other contributions (insults, prohibited political propaganda, etc.).

Registration online services

We process user data (e.g. names and addresses as well as user communication details) and contractual data (e.g. services which have been used, names of contact persons, payment information) for the purpose of fulfilment of our contractual obligations and services in accordance with Art. 6 Section 1(b) of the GDPR.

Users have the option of creating a user account in our online areas such as the MyBIFF area on our website or under This is particularly necessary for the registration and login into our MyBIFF area as well as for events which require registration, for the submission of films, for accreditation and for using our streaming platform As part of the registration process the required information is communicated to the user. User accounts are not public and cannot be indexed by search engines.

We require personal data for the following purposes:

Processing of film and project submissions

Processing of accreditations

Authorizing access to closed events

Registration for events for a limited number of participants

Use of the possibility of online ticket sales

Collection of statistical data

If you are registered with us, you can access content and services, which we only offer to registered users.  To contact us in this regard, please use the contact details provided at the end of this data protection declaration.

For film or project submission/registration you should also, if applicable, provide personal data of third parties as needed. It is your responsibility to ensure in advance  that you have obtained the consent of the third parties for transmitting their data to us.

The user data collected by us is treated confidentially and stored on secure servers. Personal data, which you enter via forms outside the MyBIFF area, is processed in email form and thus stored on our mail server. For volunteer applications, we are using the services of Formlets. Utilization of services offered by Google and SurveyMonkey is also possible.

Privacy declarations:

Within the framework of the registration, subsequent logins and the use of our online services, we store the IP address and the time of user action. The storage of this data is based on our legitimate interests, and carried out on behalf of all users, in order to protect against abuse and other unauthorized use. Unless required to pursue our claims or to fulfill a legal obligation under Art. 6 Section 1(c) of the GDPR, this data will not be disclosed to third parties

Unless otherwise agreed, the consent for the storage of data is effective until the expiry of this declaration’s validity. In the event of changes to this declaration, users of our website will be automatically asked to renew their consent.

As soon as users cancel their user account, the account data will be deleted, unless their further storage is required for fiscal or commercial law related reasons as stipulated in Art. 6 Section 1(c) of the GDPR. Users are responsible to back-up their data should the agreement be terminated before its expiration. We are authorized to irretrievably delete all user data that had been stored during the duration of the agreement.


With the following details we inform you about the content of our newsletters, its subscription, delivery and the statistical analysis process as well as your rights of objection. By subscribing to one or more of our newsletters, you comply with its receipt and the described process.

Content of the newsletters: We send newsletters, emails and other electronic notifications with promotional information (hereinafter referred to as “newsletter”) only with the consent of the recipient or legal permission. If, as part of a subscription to a newsletter, the newsletter’s content is specified, it determines the extent of the user’s consent. Alongside our Festival Newsletter, the Industry Newsletter with industry news, and the Education Newsletters with information about our offers for teachers and their students, we also publish a daily Newsletter during the festival week.

Double opt-in and keeping records: The subscriptions to our newsletter are carried out via the so-called double opt-in process. This means that you will receive an email after subscribing, in which you are asked to confirm your subscription. This confirmation is required to prevent other people from subscribing with your email address and ensures that only you can activate your account. The subscriptions to the newsletters are recorded in order to provide evidence of the subscription process according to the legal requirements. This includes the storage of the time of subscription and confirmation, as well as the IP address. In the same way, changes to your data stored with the email marketing service provider will be recorded.

Subscription data: To subscribe to a newsletter, your email address is sufficient. We also give you the option to provide your first and last name. This information is solely used for personalization purposes.

The use of the email marketing service provider, the implementation of the statistical surveys and analyses as well as the recording of the subscription process, comply with our legitimate interests in accordance with Art. 6 Section 1(f) of the GDPR. Our interest focusses on a user-friendly and secure newsletter system, which serves our commercial interests and, at the same time, meets the expectations of the users.

Cancellation/Withdrawal: You may cancel your newsletter subscription, i.e. you withdraw your consent, at any time. You can find a link for the cancellation of newsletters at the end of each newsletter. You can also unsubscribe by writing to

External Online Payment Services


We are working with the following external payment service providers whose online platforms facilitate payment transactions:


SOFORT Überweisung/Klarna

Arvato Bertelsmann



The use of external payment service providers to fulfill our contractual obligations is carried out in accordance with Art. 6 Section 1 (b) of the GDPR. We use this possibility to work with external online payment services as granted by Art. 6 Section 1 (b) of the GDPR to ensure save payments and secure processes for our users.

Stored information includes personal data such as name and address as well as banking details such as account numbers, credit card numbers, passwords, TANs and checksums as well as contract, amount and recipient related data. The information is required to process transactions. Any personal information related to banking or credit cards is processed and stored by the payment service provider only. We do not receive account or credit card related information except for the confirmation of payment or negative information. Where required, the payment service providers may disclose the information to a recognized credit agency for identity and credit check reasons. For further information, please check the terms and conditions as well as the privacy statements of our external payment service providers.

For payment transactions, terms and conditions as well as the data protection information of the respective payment service provider apply. You will find this information on their websites or transaction applications. There, you will also find further information about your rights of withdrawal, rights to information and other data subject rights.

To facilitate the secure processing of online payment transactions on our streaming platform, we are working with the certified third party provider Stripe. Stripe inc. as well as its subcompanies and connected companies take the protection of privacy very seriously. Personal data connected to payments such as credit card details are transmitted for processing directly to our third-party provider Stripe and are not stored on our servers. All information about the company's privacy policy can be found here:


Online presence on Social Media networks and platforms 

We are maintaining several online presences within social networks and platforms to communicate with our active customers, interested parties and users and inform them about our services.

Please note that data provided within these networks and platforms may be saved, stored and/or processed outside the European Union. Therefore, users of these networks and platforms may face risks caused, for example, by difficulties to enforce the user's personal rights. US-providers who are certified under the privacy shield are obliged to abide by the GDPR standards of the EU.

Please be advised that the provided data may be used for market research as well as for promotional purposes. The users’ interests which become visible through their usage behavior within these networks and platforms may, for example, be used to create user profiles. User profiles in turn may be utilized for personalized target marketing inside and outside of these networks and platforms. This is usually done by saving cookies on the users’ devices which store the data about user behavior and interests. Personal data may, however, also be stored and collected irrespective of the device that is used (in particular, if the affected user is logged in as a member of our platforms).

In accordance with Art.6 Section 1(f) GDPR, we process personal data based on our legitimate interest to effectively inform and communicate with the user. If the user has agreed to the social media provider's privacy declaration and statement regarding data collection, storage and processing, Art. 6 Section 1(a) and Art.7 GDPR apply.

For detailed information on data processing and opt-out procedures, we refer to the links of the providers as stated below. This also applies to queries and user rights claims; only the providers have full access to the collected data and can directly take action or give the requested information. Should you need further help, please contact us

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
Privacy:, Opt-Out: and, Privacy Shield:

Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) 
Privacy:, Opt-Out:, Privacy Shield:

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy/ Opt-Out:

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) 
Privacy:, Opt-Out:, Privacy Shield:

Flickr (Flickr, 475 Sansome St, San Francisco, CA 94111, USA)
Privacy/ Opt-Out:

Integration of Google Maps

Some of our websites are using maps from the service "Google Maps" of the third party service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in order to visually present geographical information (e.g. display of the festival locations). When using Google Maps, Google will collect, process, and use data about the usage of the map functions by the visitors. You can find further information about data processing by Google in the company's data protection information. There, in the data protection center, you can also change your personal data protection settings. Data protection declaration:

Embedded YouTube videos

We incorporate YouTube videos into some of our websites. The operator of the corresponding plug-in is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When visiting a website by using the YouTube plug-in, a connection to the YouTube servers is established. In the process YouTube is notified which sites you are visiting. If you are logged into your YouTube account, YouTube can identify your personal surfing behavior. You can prevent this by logging out of your YouTube account beforehand.                                                                                                                                                                   When a YouTube video is started, the provider uses cookies which collect information about user behavior. If you have deactivated the storing of cookies for the Google Ad Program, these types of cookies will also be turned off when watching YouTube videos. However, YouTube still stores non-personal usage information in other cookies. If you would like to prevent this from happening, you must block the storing of cookies in your browser. You can find further information about the handling of user data in the privacy statement of YouTube at:

Embedded Vimeo videos

We incorporate Vimeo videos on some of our websites. Vimeo is operated by Vimeo, LLC with headquarters in 555 West 18th Street, New York, New York 10011, USA. When visiting a website with a Vimeo plug-in, a connection to the Vimeo server is established and the plug-in is displayed. This way the Vimeo server receives information, which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo links this information to your personal user account. When using the plug-in, for example by clicking the start button to play a video, this information is linked to your user account. You can prevent this information from being linked to your account, by signing out of your Vimeo user account before using our website and deleting the Vimeo cookies in question. You can find more information about the data processing and data protection of Vimeo at:

Adobe Typekit Fonts

With regard to our legitimate interest according to Art.6 Section 1(f) GDPR (i.e. the interest to analyze, optimize and  operate our online services) we are using external ”Typekit” fonts provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the privacy shield agreement and thus guarantees to abide by the European GDPR. (

User rights

Upon request, users have the right to receive free information about personal data we have stored about them at any time. In addition, users have the right to review and correct data, restrict data processing and delete their personal data. Users can also withdraw their consent with future effect.

If you would like to receive information about your personal data or request data correction or deletion, please contact our data protection officer at

Internationales Filmfest Braunschweig e.V. 
Neue Straße 8 
38100 Braunschweig
Tel.: +49 (0)531 / 702 202 0
Fax: +49 (0)531 / 702 202-99

Right of objection

In accordance with the legal requirements, users may object to the future processing of their personal data at any time. Such objection can be made especially against the processing for purposes of direct advertising.

Changes to the data protection declaration 

We reserve the right to change the data protection declaration, in order to adapt it to altered legal situations, or in the event of changes to the service as well as to data processing. This only applies regarding declarations about data processing. If user consent is required or if constituent parts of the data protection declaration contain provisions regarding the contractual relationship with the users, the changes can only be made with user consent. The users are asked to inform themselves in regular intervals about the content of this data protection declaration.

Sources: Fishfarm Solutions, Datenschutzerklärungs-Generator
der activeMind AG; Rechtsanwalt Dr. Thomas Schwenke