This Privacy Notice describes how Malao GmbH, Rosenheimer Straße 108, 81669 München, Germany ("Malao
", "we" or "us"), as the controller within the meaning of the EU General Data Protection Regulation ("GDPR
"), the Federal Data Protection Act ("BDSG
") and other data protection regulations ("Applicable Data Protection Laws
"), processes personal data and other information from users ("Users
" or "you
") of our Website www.malao.film
").1. CATEGORIES OF PERSONAL DATA, PURPOSE OF PROCESSING, LEGAL BASIS AND ORIGIN
The use of the Website and its functions requires the following processing of certain personal data on a regular basis:
1.1 Informational use of the Website
If you access our Website and use it for purely informational purposes (i.e. without using additional functions such as the contact form), the Website may automatically collect, process and store certain personal data in a pseudonymized form. This is device and usage information that may include (i) specific information about the device used to access the Website (including model, operating system, IP address, language and similar information) and (ii) information about the use of features, functions or notifications on the device to recognize you and to analyze trends.
The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f) GDPR) to monitor and maintain the performance of the Website and to analyze uses, activities and trends in connection with our Website.1.2 Web analysis with Google Analytics
When you access our Website, the Google Analytics service is loaded for statistical evaluation of the use of our Website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). By using the "anonymizeIp()" extension, we ensure that Google Analytics only transfers a shortened version of your IP address to Google.
The use of Google Analytics is based on your consent (Article 6 para. 1 sentence 1 lit. a) GDPR). In addition, we have concluded an agreement for data processing with Google in accordance with the requirements of the German data protection authorities for the use of Google Analytics. Data transfers to the US are carried out under the EU-U.S. Privacy Shield.
We collect your IP address to enable its shortening and then transmission to Google. You are not obliged to provide this personal data, a use of our Website is possible without the provision. You can prevent the provision of this personal data by setting your browser software accordingly by installing the browser add-on available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de
More information about Google Analytics can be found at http://www.google.com/intl/de_ALL/analytics
.1.3 Contact form and newsletter distribution with MailChimp
When you use the contact form included on our Website or contact us by e-mail or other means, e.g. to request information or send us content for inspection, the information provided in the contact form will first be stored by our IT service provider, MailChimp, transmitted to us and processed for the purpose of dealing with the request. MailChimp is a service provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
With MailChimp we can organize and analyze our newsletter campaigns. If you enter your data in the contact form, it will be stored on MailChimp's servers in the United States. When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web beacon) connects to the servers of MailChimp in the USA. This allows us to determine whether a newsletter message has been opened and which links have been clicked. In addition, technical information (e.g. time of retrieval, IP address, browser type and operating system) is collected. This information is used for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
We process your data for the purpose of processing and answering your enquiry and any follow-up questions, to prevent misuse of the contact form, to ensure the security of our information technology systems and to analyze our newsletter campaigns. We base these data processing operations on our legitimate interests (Art. 6 para. 1 lit. f) GDPR) which include processing your enquiry, protecting our information technology systems and enabling us to design and optimize our newsletters to meet your needs.
Data transfers to the US are carried out under the EU-U.S. Privacy Shield. We have concluded an agreement with MailChimp in which we oblige MailChimp to protect the data of our customers and not to pass them on to third parties. This contract can be viewed at the following link: https://mailchimp.com/legal/data-processing-addendum/
. Detailed information about the cookies used by MailChimp can be found at https://mailchimp.com/legal/cookies/#Cookies_served_through_our_Websites
Cookies are text files that contain small amounts of information and are stored on your computer or mobile device when you visit a website. During subsequent website visits, cookies are sent back to the original website or another website that recognizes the cookie. Cookies are primarily used to ensure the proper or efficient functioning of a website and to provide information to the website operator. Cookies perform several functions. For example, they allow you to better navigate between different pages, store your preferences and generally improve your user experience. There are two main types of cookies:
- our own cookies, which we store directly on your computer or mobile device;
- third-party cookies that are stored for us and can be used by us for various purposes related to functionality, performance/analysis, contact/newsletter subscription, and payment processing.
- to facilitate, simplify and improve your access to and operation of our Website;
- track data flows and usage behavior related to our Website;
- understand how many users regularly use our Website and which operating systems (e.g. Windows or Mac OS) and Internet browsers (e.g. Internet Explorer, Chrome or Safari) they use;
- monitor and continuously improve the performance of our Website;
- personalize and improve your online experience.2.3 What types of cookies do we use?
The types of cookies we or our partners use in connection with our Website can be divided into three categories: "cookies required for basic purposes", "functionality cookies" and "performance and analysis cookies". Below we have collected additional information for each category, including information about the purpose of the cookies we or a third party store.
2.4 How to delete or manage cookies
You have the right to accept or decline the storage of cookies on your device. You can exercise this right at any time by changing the settings in your browser according to your wishes.
However, if you disable cookies, you may no longer be able to use the website properly.
Most browsers provide instructions on how to customize cookie settings. The cookie settings are usually located under the menu item "settings" of your browser. If you wish to limit the use of third-party cookies, you can do so using one of the following links:
- Your Online Choices (http://www.youronlinechoices.com/uk/
- Network Advertising Initiative (http://www.networkadvertising.org/
- Digital Advertising Alliance (http://www.aboutads.info/consumers
Please note that many companies are listed on these pages that do not set cookies via our Website.3. DATA RECIPIENT
3.1 External service providers
Malao may engage external service providers who act as our data processors to provide certain services to us, such as email, Website, marketing or other IT services. While providing these services, the external service providers may have access to or process your personal data.
Based on the data processing agreements concluded with them, the external service providers used are obligated to take appropriate technical and organizational security measures to protect the personal data processed and to process the personal data only in accordance with the assignment.
3.2 Additional recipients
Malao may also disclose your personal data to law enforcement and government agencies, legal advisers and other external advisers in accordance with Applicable Data Protection Laws. The legal basis for this processing is compliance with legal obligations (Art. 6 para. 1 lit. c) GDPR) to which Malao is subject or our legitimate interests (Art. 6 para. 1 lit. f) GDPR), such as exercising or defense of legal claims.4. DATA TRANSFER TO THIRD COUNTRIES
Your personal data that we process may be transferred to and processed by recipients in third countries outside the European Union (EU) / European Economic Area (EEA) that do not provide for an adequate level of data protection, such as the United States. Some recipients in the USA may be certified according to the EU-U.S. Privacy Shield and thus ensure an adequate level of data protection from the perspective of EU data protection law. As an example, data transfers to Google are based on the EU-U.S. Privacy Shield.
To the extent we transfer your personal data to countries which do not ensure an adequate level of data protection from the perspective of EU data protection law, we base the transfer on appropriate safeguards, such as the standard contractual clauses adopted by the European Commission. You may request a copy of the appropriate safeguards by contacting us at the contact details provided in section 7. Access is limited to recipients who need the respective data to perform their tasks.5. YOUR RIGHTS AS A DATA SUBJECT AND HOW TO ASSERT THEM
If you have declared your consent to the processing of your personal data, you can withdraw this consent at any time with future effect. Such withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. If you withdraw your consent, we will no longer process your personal data unless any other (legal) basis permits this. However, if the consent is withdrawn and no other legal basis exists, we must delete the personal data immediately (Art. 17 para. 2 lit. b) GDPR).
According to Applicable Data Protection Laws, as a data subject you may have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The right to access and the right to erasure may be restricted under certain circumstances in accordance with applicable local data protection law. In addition, you are entitled to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
Under certain circumstances, on grounds relating to your particular situation, you have the right to object at any time (Art. 21 para. 1 GDPR) to the processing of personal data concerning you processed on the basis of our legitimate interests (Art. 6 para. 1 lit. f) GDPR). Furthermore, if your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for these purposes, to the extent that it is related to such direct marketing (Art. 21 para. 2 GDPR). In this case, we will no longer process your personal data for these purposes.
In order to exercise your rights, please contact us under the contact details provided in section 7.6. STORAGE PERIOD OF YOUR PERSONAL DATA
Your personal data will be stored as long as necessary for the purposes of the data processing described in section 1 above. If Malao no longer processes your personal data for the described purposes, we will remove it from our systems and records or make it completely anonymous so that you can no longer be identified from it. Your data will not be erased or made completely anonymous if and as long as we have to store your data in order to fulfil legal or regulatory obligations, e.g. legal retention requirements, which may arise from the German Commercial Code (Handelsgesetzbuch
, HGB) or the German Tax Code (Abgabenordnung
, AO), for example, which stipulate retention periods of 6 to 10 years, or if we need the data to preserve evidence within the limitation period, which is usually 3 years, but can be up to 30 years in individual cases.7. CONTACT
If you have any questions about this Privacy Notice or the processing of your personal data, please contact us at:
Rosenheimer Straße 108