Data Privacy

Stand: 29.12.2022

We, Yorck-Kino GmbH (hereinafter "we" or "Yorck"), would like to inform you about the personal data that we collect and process when you visit the Yorck-Kino’s website (hereinafter "website"), use our Yorck app ("app"; app and website together hereinafter referred to as the "online services") or use services otherwise offered by us (the online services and the services otherwise offered by us hereinafter collectively referred to as the "offers"). Personal data (hereinafter "data") are data that can be linked to an identified or identifiable person (e.g., the name, address, e-mail address or telephone number, but also technical usage data such as the IP address or time of access to the website or app).Unless expressly described otherwise, this privacy policy applies uniformly to our offers, regardless of whether you use our app or website or arrange for your data being processed offline (e.g., when you purchase tickets over the counter and collect loyalty points).It goes without saying that we comply with the legal provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and other applicable data protection regulations. Controller within the meaning of the GDPR Yorck-Kino GmbHRankestraße 3110789 Berlin

kontakt@yorck.de

You can reach our data protection officer at:c/o activeMind AGManagement- und TechnologieberatungKurfürstendamm 5610707 BerlinTel.: +49 (0)30 / 770 19 10 70

1. Verarbeitung personenbezogener Daten bei Nutzung der Onlinedienste

Wenn Sie unsere Webseite oder App aufrufen und dort z.B. Unterseiten öffnen, verarbeiten wir insbesondere folgende Informationen in einer Protokolldatei:

name of the requested file, date and time of page request
IP address of the requesting computer
access methods/functions requested by the requesting computer
page accessed or name of the file accessed
operating system and browser type or settings
amount of data transferred and information on whether the access/retrieval was successful
device identification for mobile devices
time zone difference from Greenwich Mean Time (GMT)
access status/HTTP status code
data volume transferred

The information is used for the purpose of identifying and tracking unauthorised attempts to access the web server as well as for statistical evaluation purposes (e.g., visitor numbers and page popularity) and to improve our offer based on our legitimate interest in ensuring functioning online services, detecting fraud and improving the offer (Art. 6 para. 1 lit. f GDPR). This information will be deleted or anonymised after 30 days. When downloading the app from the app store, necessary information will be transferred to the app store, including username, e-mail address, time of download and the individual device identification number. We are neither able to influence nor are we responsible for such data processing activities.

2. Use of our offer and profiling

In order to provide or enable you to access certain services such as the sale of cinema tickets or vouchers, the conclusion of memberships, such as the Yorck membership or the Yorck UNLIMITED membership (hereinafter collectively the "membership"), the use of benefits associated with such memberships or the use of our Yorck on Demand offer, it will be necessary to collect certain data.

2.1 Yorck account

Unless you make a purchase anonymously (e.g. when buying cinema tickets on-site without collecting any loyalty points), we will, where necessary and depending on how you use our offer, ask for and store your name, e-mail address, telephone number, address, gender, bank details, date of birth and, if applicable, your photo, in order to conclude a contract with you, to fulfil the contract and to identify you as the lawful holder of your Yorck membership card (Art. 6 (1) lit. b GDPR). You can voluntarily provide additional information in your Yorck member account (hereinafter "Yorck account"). We combine your data from the Yorck account with further data in order to adapt our offer and marketing measures to your personal interests and to determine and improve the relevance and quality of our offer and marketing measures. The combined data is, for example, data resulting from your membership, the screenings you attend, the on-demand offer you use or the ratings you submit. We base this profiling on our legitimate interest (Art. 6 (1) lit. f GDPR). The data in your Yorck account will be deleted when your membership has ended unless legal retention periods apply or the retention of the data is necessary for the enforcement of or defence against legal claims.

2.2 Payment service providers

We use payment service providers such as PayPal, Stripe, Elavon or Concardis for payment processing in connection with our paid offers. The contractual and data protection provisions of the respective providers apply to these transactions. The use of the respective payment service provider is either necessary for the performance of the contract concluded with you (Art. 6 (1) lit. b GDPR) or is in the interest of a smooth, convenient and secure payment process (Art. 6 (1) lit. f GDPR).

3. Contacting you

If you provide us with personal data for the purpose of contacting you (e.g., by e-mail, chat, contact form or in our help section), we use the data to answer your enquiry on the basis of our legitimate interest in responding to your request (Art. 6 (1) lit. f GDPR). If the personal data is no longer required by us for answering your enquiry and if the data is not subject to any retention obligations, it will be deleted.

4. Personalised newsletter

If you have subscribed to our personalised newsletter, we will use your personal data to select the newsletter content and to send the newsletter to you based on your consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time with effect for the future. You can declare your revocation by clicking on the unsubscribe link contained in every newsletter e-mail. If your e-mail address has not yet been verified elsewhere, we use the so-called double-opt-in procedure when you subscribe to our newsletter. This means that after you have provided your e-mail address, we will send you a confirmation e-mail to the e-mail address provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within 24 hours, your subscription will be automatically deleted. If you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe. Furthermore, when you register for and confirm the newsletter, we store your IP address as well as the respective time in order to prevent misuse of your data. In addition to your e-mail address, we store usage data that we collect by analysing the newsletter. For this purpose, we use a tracking pixel in our newsletter which tells us when you open the newsletter and how you use it (e.g., which links you click on). This data is then stored together with other data about you.

5. Legal obligations or other reasons

We may also process your data to comply with legal requirements (e.g., pursuant to Art. 6 (1) lit. c GDPR to check FSK age limits for the protection of minors), to defend your or our rights or to enforce claims (Art. 6 (1) lit. f GDPR), or if you have consented thereto, e.g., when participating in competitions or other marketing measures (Art. 6 (1) lit. a GDPR).

6. Cookies and similar technologies

We use so-called cookies and similar technologies (e.g., pixel tags) in our online services to collect and store data. Cookies are text files that contain small amounts of information and are stored on your terminal device when you visit a website or open an app. On subsequent visits, the cookies are sent back to the original website or another website that recognises the respective cookie. The cookies used by us are divided into temporary cookies that are automatically deleted when you close your browser (session cookies) and permanent cookies with a longer lifespan that enable us to recognise you when you return to our online services. In addition, we distinguish cookies and similar technologies according to their intended use and whether they are technically mandatory or not. If we require your consent for the use of cookies that are not technically necessary, we obtain this via our

Cookie management tool

when you access the website for the first time. You can also revoke your consent there at any time. Please note that a revocation is only valid for the future and does not render the data processing based on it up to the time of the revocation inadmissible. In our cookie management tool, you will also receive information about the specific cookies used, their function and lifespan. We use cookies, for example, in order to

to ensure the proper and efficient functioning of our online services,
to provide you with access to the online services and to simplify and improve their functioning,
to tailor our online services to your interests,
to save your password so that you do not have to re-enter it each time,
to track data flows and usage patterns related to our online services,
to understand how many users regularly use our online services, what devices (e.g. laptop, tablet, mobile device), operating systems (e.g. Windows, Mac OS, iOS, Android) and internet browsers (e.g. Firefox, Safari, Chrome) are being used,
to monitor and continuously improve the performance of our online services.

In the following, we inform you about certain tools and practices that we use for analysis and marketing purposes.

6.1. Google Analytics (Analysis/Marketing)

We use Google Analytics, a web analytics and remarketing service provided by Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 ("Google").Google Analytics uses cookies. The information generated about your use of our online services is generally transmitted to a Google server in the USA and stored there. As a general rule, your IP address is shortened by Google within the EEA and only in exceptional cases transmitted as full IP address to a Google server in the USA and shorted there. Google uses this data to evaluate your use of our online services, to compile reports on activities on our online services and to provide us with other services associated with the use of the site and the Internet. In particular, we use the remarketing function of Google Analytics. Visitors are divided into groups, for example according to the duration of the visit or the event, i.e., the performance of a certain action on our online services. This enables us to show you personalised advertising even if you are currently surfing on another website that also participates in the Google advertising network.We obtain your consent for using the tool and processing your data (Art. 6 para. 1 lit. a GDPR), which consent you may provide via our

Cookie management tool

when you first access the website and which you may revoke there at any time with effect for the future.

6.2 Facebook Pixel (Analysis/Marketing)

We use the remarketing tool Custom Audiences of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") and for this purpose embed a pixel on our website. The tool can be used to display personalised advertisements to users of our website when they visit the social network Facebook or other websites that also use this process. We also allow certain film distributors (e.g.,

The Walt Disney Company Limited

) to embed such tracking technologies on our website in order to analyse the effectiveness of advertising campaigns for certain films, for targeted advertising, to personalise content, to inform about marketing campaigns, to prevent click fraud and to allow us to allocate click funds. In some cases, we also partner with these film distributors to provide targeted advertising to our users on social media platforms (without sharing your data with them). Data such as the time of your visit, the ads clicked on and your IP address, as well as other identifiers, if applicable, are collected through Facebook counting pixels. If you are logged into your Facebook account at this time, Facebook can combine such information with your account data. You can find out how Facebook handles collected data in the Facebook privacy policy:

https://www.facebook.com/about/privacy

. We base the use of the tool on your consent (Art. 6 (1) lit. a GDPR), which you have given via our

Cookie management tool

when you first access the website and which you can revoke at any time with effect for the future.

6.3 Twitter (Analysis/Marketing)

We use Remarketing by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Remarketing utilizes so-called tags to create pseudonymised usage profiles when you visit our website, which can be used as a basis for subsequent advertising, e.g., on the microblogging service operated by Twitter. Twitter finds out from your browser, among other things, that our website was accessed from your end device. If you are registered with a Twitter service, Twitter can assign your visit of our website to your account. The information generated through the tags are transmitted to a server in the USA and stored there. You can find information on Twitter Remarketing at:

https://business.twitter.com/en/help/campaign-setup/campaign-targeting/custom-audiences.html

. Information on data processing can be found in Twitter's privacy policy:

https://twitter.com/privacy?lang=de

. We base the use of the tool on your consent (Art. 6 para. 1 lit. a GDPR), which you have given via our

Cookie management tool

when you first access the website and which you can revoke at any time with effect for the future.

6.4 Pinterest (Analysis/Marketing)

We use the remarketing tag of Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA ("Pinterest"). We place an individual code snippet (Pinterest tag) on basis of your consent (Art. 6 (1) lit. a GDPR), which you can provide to us via our

Cookie management tool

when you first access the website and which you can revoke at any time with effect for the future. This allows us to ensure that our advertisements on Pinterest are only displayed to those Pinterest users who have also shown interest in our offer.Hereby, we want to ensure that our advertisements on Pinterest correspond to the potential interest of the respective user and do not have a harassing effect. It also allows us to track the actions of Pinterest users after they have seen one of our ads on Pinterest or clicked on the website ad. This allows us also to measure the effectiveness of each campaign for statistical, market research and billing purposes. The following information are processed: device information (e.g., type, brand), operating system (e.g., iOS 15), IP address, time of access to our offer, type and content of the campaign and your reaction to the respective campaign (e.g., by clicking at it). Pinterest can possibly assign the data to a user who is logged into their Pinterest account and to link the data to the Pinterest account. Further information can be found in Pinterest's privacy policy:

https://policy.pinterest.com/en-gb/privacy-policy

7. Yorck on demand

If you use our Yorck on Demand offer (

https://ondemand.yorck.de

), we collect additional information regarding rented or purchased films, date and period of the rental, your age, a youth protection PIN (where applicable), the number of downloads made, the number of end devices used, the duration of access authorisation, the language settings and device information. The data is processed for the purpose of initiating and performing a contract with you and thus on basis of Art. 6 (1) lit. b GDPR. The data is stored for as long as necessary for the aforementioned purpose; continued storage is possible where legal retention periods apply or where the data storage is necessary for the enforcement or the defence of legal claims.In addition to Google Analytics (point 6.1), we use the following tools:

Intercom

We provide Intercom, Inc ("Intercom") with a limited amount of your data (e.g., the date of registration and some personal information such as your e-mail address) and use Intercom to collect data for analytical purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyses your use of our website and/or product and tracks our relationship using cookies and similar technologies so that we can improve our service to you. For more information about Intercom's usage of cookies, please visit

https://www.intercom.com/terms-and-policies#cookie-policy

Mandrill

We use Mandrill to send transactional e-mails, such as a purchase receipt. We provide The Rocket Science Group LLC, which operates Mailchimp and Mandrill, with a limited amount of your information, such as your e-mail address. We use Mandrill to collect data for analytics purposes when you open an e-mail. Mandrill's services are subject to Mailchimp's terms of use, which are available at

https://mailchimp.com/legal/terms/

Amazon Web Services (AWS)

We use Amazon Web Services ("AWS") as our cloud storage solution. AWS has demonstrated compliance with a number of internationally recognised content, data and infrastructure security standards, such as Information Security Management System - ISO-27001, System and Organization Controls Report - SOC1/2 and The Payment Card Industry Data Security Standard. In addition, AWS has demonstrated compliance with MPAA Content Security Best Practices and the AWS infrastructure complies with all applicable MPAA controls. For more information about AWS' privacy policies, please visit:

https://aws.amazon.com/privacy/

8. Integration of YouTube videos

We include videos in our online services that are stored on YouTube and can be played directly from our online offer. YouTube belongs to the Google Group. For data protection reasons, the videos are integrated in such way that no data about you as a user is transmitted to YouTube unless you play the videos. Only when you click on the play button do you give your consent (Art. 6 (1) lit. a GDPR) to the transfer of your data to YouTube, which you can withdraw via our

Cookie management tool

with effect for the future. Information on the purpose and scope of data collection and its processing can be found in the Google privacy policy:

https://policies.google.com/technologies/cookies?hl=en#types-of-cookies

. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.

9. Data transfers to recipients

We may transfer your data to the following categories of recipients, such as: affiliated companies, business partners, service providers, consultants, courts. The legal basis for the transfer of data includes:

the transfer is necessary in accordance with Art. 6 (1) lit. f GDPR for the assertion, exercise or defence of legal claims or is in our legitimate business interest (e.g., integration of payment service providers, marketing newsletter service providers or helpdesk operators)
there is a legal obligation for the transfer according to Art. 6 (1) lit. c GDPR (e.g., data transfer to a public authority).
The transfer is necessary according to Art. 6 (1) lit. b GDPR for the processing of contractual relationships with you (e.g., forwarding your postal address to shipping companies).
you have consented to the transmission of your data to the third party.

10. Data transfer to third countries

In principle, the data you transmit to us is stored on servers within the European Union (EU). If necessary for the initiation or execution of the contract, we will transfer your data to the corresponding offices outside the EU. The same applies if such transfer is necessary for our purposes; in doing so, we ensure that the recipient of the data guarantees an appropriate level of data protection and that no other interests worthy of protection speak against the transfer of data. We have already informed you at various points in this privacy policy that data may end up in third countries if we work with service providers and partners in third countries.

11. Our social media presence

We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a variety of data processing operations. Below we provide you with an overview of which of your data we collect, use and store when you visit our profiles. You are not obliged to provide us with your data. However, this may be necessary for individual functionalities of our profiles in social networks, so that these functionalities will not be available to you or only to a limited extent if you do not provide us with your data.If you are the owner of your own profile in the social networks, we can generally only view the information stored in your public profile, and only if you are logged into your profile while you visit our profile. In addition, we may process data that you provide to us when you contact us via one of our profiles on social networks (e.g., when you create a post, or send us a message). We process this data to contact you and, in the case of your post, to display the post on our profile. The legal basis for this is Art. 6 (1) lit. a and b GDPR. We delete stored data as soon as their storage is no longer necessary or you request us to delete the data; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.When you visit our profile pages on social networks, the operator of the respective social network also processes your data, regardless of whether you yourself have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the social network and they are not necessarily traceable for us.In addition, the respective operator of the social network provides us with anonymous usage statistics which we use to improve the user experience when visiting our profile. We do not have access to the usage data that the operator of the social network collects to create these statistics. Facebook, for example, has committed to us to take primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR in this regard and to provide visitors to our profile with the essence of this commitment. This data processing serves our legitimate interest in improving the user experience when visiting our profile in line with the target group (Art. 6 para. 1 lit. f GDPR).In addition, some operators of social networks (e.g., Facebook) use cookies that are stored on your end device when you visit our profile even if you do not have your own profile in the network or are not logged into your profile while visiting our profile. These cookies enable the respective operator to create user profiles based on your preferences and interests and to display advertising tailored to you (within and outside the respective social network).For details on the collection and storage of your data as well as on the type, scope and purpose of its use by the operator of the social network, please refer to the data protection declarations of the respective network operator:

Facebook:
https://www.facebook.com/about/privacy
Twitter:
https://twitter.com/privacy?lang=de
Instagram:
https://de-de.facebook.com/help/instagram/155833707900388
YouTube:
https://policies.google.com/technologies/types?hl=de
Pinterest:
https://policy.pinterest.com/de/privacy-policy
Letterboxd:
https://letterboxd.com/legal/privacy-policy
/

12. Deletion of your data

We delete your data as soon as the storage is no longer necessary for the purposes pursued with the collection and processing and the deletion does not conflict with any statutory retention obligations. We provide further information on the deletion rules further above within this privacy policy for the respective processing operations.

13. Your rights and contact

You have various rights in relation to your data. You have the right to request information free of charge about the data we have stored about you, the right to correct, delete or restrict the processing of this data and, if we base this on our legitimate interests, or if we use the data for direct advertising, the right to object to the processing.Whether and to what extent these rights exist in individual cases and which conditions apply are regulated by the GDPR and the Federal Data Protection Act. According to the GDPR, you also have a fundamental right to data portability.In addition, if you have given your consent to the processing of your personal data, the consent can be revoked at any time with effect for the future.You are also free to lodge a complaint with the competent data protection supervisory authority.If you have any questions or suggestions regarding our data processing or this privacy policy, please contact

datenschutz@yorck.de

14. Amending the privacy policy

We may change this privacy policy at any time with effect for the future. The latest version is available on our website. Please visit the website regularly and inform yourself about the applicable data protection provisions.

Cookie Settings