NAAS PRIVACY POLICY

Last updated: 02 May 2021


A. Overview of Data Protection


The following Privacy Policy is meant to help you understand which personal and other data we collect and process when you visit our website naasnetwork.org, and the rights you have under the Data Protection Law.

The term “personal data” comprises all information that can be used to personally identify you. The specific data we collect and how we use them depends on the service we offer. With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in accordance with Article 4 of the GDPR.

To respond to changing laws and technologies, we might need to update and make changes to this policy from time to time. Please be sure to check this policy periodically to familiarize yourself with the latest version. Kindly note that by continuing to use our site, or on pages where the Privacy Policy is posted, you consent to the use of your information in accordance with this Privacy Policy.

1. Who is responsible for the collection, processing, and use of your data?

The responsible body (i.e. Controller) for the personal data collected from users when visiting our website is 

NAAS – Network of Arab Alternative Screens e.V.
c/o Tuesday Coworking
Belziger Strasse 69/71
10823 Berlin
Germany

Telephone: +49 (30) 814 57 333
Email: [email protected]

All personal data is processed by NAAS in accordance with the provisions of data protection statutes, in particular the General Data Protection Regulation of the EU (also called GDPR for short).

Users (hereinafter also referred to as »you«) may contact us by e-mail at [email protected] for any questions regarding data protection practices at NAAS (hereinafter also referred to as »we«). 


2. General information regarding data processing and legal grounds

This Data Policy governs all the pages of our website www.naasnetwork.org and informs you about which personal and other data is collected when visiting our website, and how the data is used and for which purpose.

This Data Policy does not apply to pages hosted by other websites or related organizations or third party sites. The NAAS website may be linked to the websites of such other parties but those other sites may have their own data policy which applies to them. 

This Data Policy applies only to information provided to the website and communications with us through the website. It does not apply to any other information or communications that may reference NAAS - Network of Arab Alternative Screens.

The operators of this website take the protection of your personal data very seriously. Hence, we are committed to treating it responsibly and in accordance with statutory data protection regulations as well as with this Data Policy.

The personal data of the users which is processed as part of the online offer includes user data (e.g. names and addresses of users), usage data (e.g. the visited pages of our online offer, interest in our programs) and content data (e.g. information entered when registering for our newsletter or our Member Space).

The term “users” covers all categories of the data processing of affected persons. This includes our partners, financiers, grantees, interested parties, and other visitors to our online services.

Access to third-party links

Our website may contain links to other third-party websites and services. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy policy. We urge our users to exercise caution and read the privacy policy applicable to these websites before using their services.

3. Your rights with regard to personal data relating to your person

On the basis of the Federal Data Protection Act, you may contact us at no cost if you have questions relating to the collection, processing or use of your personal information. You may do so by using the contact details provided at the top of this Data Policy.

You have the following rights towards us regarding the personal data concerning you:

Art. 15 GDPR - Right of information: You have the right to request information about the personal data we store about you at any time.

Art. 15 GDPR - Right of access: If you have an account on our Website’s Member Space, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

Art. 16 GDPR - Right to Rectification and Restrict Access: In addition,you have the right to correct incorrect data, or, alternatively, in accordance with Art. 18 GDPR, to request a restriction on the processing of the data.


Art. 7 Para. 3 GDPR - Right to Withdraw Consent: You can also revoke consent, always with implications for the future.

Art. 17 GDPR - Right to be Forgotten: You have the right to delete any personal data we hold about you.

Art. 20 GDPR - Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.


Please note that you have the right to have incorrect data corrected or to have personal data deleted, where such claim is not barred by any legal obligation to retain this data.

Art. 77 GDPR - Right to Appeal: Moreover, you have the right to lodge a complaint with a data protection supervising authority if you are of the opinion that the processing of the data concerning you violates data protection provisions. The right of appeal can be asserted in particular with a supervisory authority in the member state of your residence, your place of work or the place of the presumed infringement.


B. Security of collected Data

We adopt organizational, contractual and technical security measures in accordance with Art. 32 GDPR to ensure an appropriate level of security and to protect the data which is processed by us against accidental or deliberate manipulation, loss, destruction, or against access by unauthorized persons.

Our security measures include strong connection standards such as AES-256 encryption to protect the transmission of personal data between your web browser and our servers. When encryption is activated, the data you transmit to us cannot be read by third parties.

You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line.

We would like to point out that data transmission on the internet (e.g when communicating with us via email) may have security gaps and cannot be fully ensured. Full protection against third parties access of data is therefore not possible.

C. User data storage Location and duration


Where is your data stored?

All the data that we collect is stored in databases in third-party platforms: Google Drive, MailChimp and October CMS. For further information on these services’ privacy policies and terms of service, we provide links below:

We utilize appropriate safeguards in order to ensure that any transfer of your personal data outside of the European Economic Area will be lawful and safe. Further information on these safeguards can be provided upon request by emailing us at [email protected].


How long will your data be stored ?

The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements.

The criteria used to determine the period of storage of personal data is the respective statutory retention period. The statutory deadlines are usually six or ten years. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, more relevant for taxation Documents, etc.) and 6 years according to § 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).


D. Collection of access data and log files


Server Data we collect

When you visit the website of NAAS - Network of Arab Alternative Screens e.V., your internet browser automatically sends data to our web server. The following data is automatically collected and stored:

  • Name of the retrieved file

  • Date and time of the retrieval

  • IP address

  • Size of the retrieved file

  • Status code of the transmission (technical Info)

  • Browser type/version and operating system used

  • Referrer URL

  • Geographical location

The log file information is stored for security reasons (e.g. for the clarification of acts of abuse or fraud) for the duration of a maximum of seven days. Data, the further retention of which is required for evidence purposes following an indication of suspicious activity, is to be excluded from deletion until full clarification of the respective incident.

The data cannot be assigned to your specific person and will not be merged with other personal data you may have provided. In anonymised form, the data shall also be evaluated by us for statistical purposes, and subsequently deleted.

The data is not subject to another use or passed on to third parties except in the cases expressly mentioned here.


1. Communication with us

We offer you on our website the opportunity to contact us via email. In such an event, the personal data transmitted in this way will of course exclusively be used for the purpose for which you made the data available by contacting us. We will not pass on this data without your consent nor will we match this information to any other information collected by other components of our website.

When establishing contact with us, the user information is processed in order to deal with the contact request and its handling in accordance with Art. 6 (1) b of the EU GDPR.


2. Registration on our website

On our Website, we offer users the option to create a user account e.g. on the NAAS Member Space. This is necessary in order to manage the membership data in the membership form. As part of the registration process, the required mandatory information of users shall be communicated and processed.

We process user data (e.g. names, contact details, age, nationality, country of residence, and profession), for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) b of the EU GDPR. Collected personal data for the completion of the membership application includes the name of the institution, location, addresses, specialization, and details about the work of the institution. User accounts are not public and cannot be indexed by search engines.

We require personal data for the following purposes:

  • Granting access to the Member Space including all services and benefits offered there

  • Processing membership applications

  • Collecting information in Member Space to statistically analyze and improve our understanding of the alternative cinema sector.

If you are registered on our Member Space, you can access content and services which we exclusively offer to registered users. This information can be changed and deleted by the users at any time. However, mandatory data provided at registration (see 3.2) cannot be changed or deleted. In order to contact us in this regard, please use the contact details provided in the overview section of this Data Policy.

If, for any reason, you should be required to provide the personal data of third parties, you need to ensure in advance that you have the consent of the affected person(s) to provide this data to us.

The user data shall be treated confidentially by us and stored on secure servers. Personal data, which you enter via forms on the Member Space, shall be processed by us in the form of emails. It is therefore stored on our email server.

As part of the registration and repeated logins and the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as those of users, to protect our services against abuse and other unauthorized use. Distribution of this data to third parties does not take place as a matter of principle unless it is required to pursue our claims or a legal obligation for this exists in accordance with Art. 6 (1) c of the GDPR.

Unless otherwise agreed, the consent for the storage of the data applies until the expiry of the validity of this guideline, but never longer than 5 years. Users of our website shall be automatically once again asked to give their consent following expiry of this period or in the event of changes to this Privacy Policy.

If users have terminated their user account, their Member Space profile data shall be deleted immediately unless further storage is required for legal requirements (Art. 6 (1) c EU GDPR) or for the fulfillment of our legitimate interests (Art. 6 (1) f EU GDPR). It is the responsibility of the users to back up their data in the event of termination. We are entitled to irretrievably delete all data of the user stored during the term of the agreement.

According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, more relevant for taxation Documents, etc.) and 6 years according to § 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).

3. Subscription to our Newsletter

If you are a registered user of our Member Space or have applied for a newsletter subscription on our website, you will periodically receive a newsletter from us, informing you of opportunities, events, programs, training and other announcements pertinent to the alternative cinema sector.

In order to subscribe to our newsletter, we require your consent, which is the legal basis for processing your data according to Art. 6 (1) sentence 1 (a) of the GDPR.

a) Subscription Data:

In order to process your application for a newsletter subscription, we ask you to enter mandatory information such as your full name and email address, and other optional information such as name and location of the institution you are part of. We will process the data you provided to us only for the purpose of sending you the corresponding newsletter and do not pass it on to third parties.

b) Double Opt-in Procedure: 

Double opt-in and logging: The registration for our newsletter takes place, using a double opt-in procedure. This means that after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's email address. 

c) Logging of Registration Process:

The registration for the newsletter is logged in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes storing the time of registration and confirmation, as well as the IP address.

d) Subscription Cancellation:

You may withdraw your consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. by clicking on the "unsubscribe" link in the newsletter or by sending us your request to [email protected]. Data we have stored for other purposes (e.g. email addresses for the members' area) remain unaffected.

Once you withdraw your consent, you will no longer receive our newsletter in the future.

e) Mailchimp

We rely on the services of Mailchimp to design, send and manage our newsletter to our subscribers. The data we collect when you register for the newsletter is sent to Mailchimp’s server operated by The Rocket Science Group LLC. The company is domiciled in the State of Georgia in the United States and contractually commits to transfer and process all of its users’ Swiss, EU, and UK data in compliance with the Standard Contractual Clauses.

In the context of NAAS's newsletter, we use small files called "web beacons” that are only retrieved directly from Mailchimp’s server when the newsletter is opened and technical information (browser used, system, IP address, retrieval time) is retrieved. Based on this information, we are able to learn whether the newsletters are opened by users at all, when they are opened and which links are used by them.

As per Mailchimp Privacy Policy, Section 5 (E), Mailchimp complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EEA, United Kingdom, and Switzerland, including the onward transfer liability provisions.

Further information about the EU-US Privacy Shield can be found at:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
http://ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm


E. Use of Cookies

Cookies are information transferred from our web server or the web servers of third parties to the web browser of the users and stored there for later access. Cookies can be small files or other types of information storage.

We use “session cookies“ that are only stored for the duration of the current visit to our website (e.g. in order to store your login status and, therefore, enable the use of our online offer).

In a Session Cookie, a unique, randomly generated identification number is stored, known as a Session ID. Furthermore, a Cookie contains information about its origin and the storage period. These cookies are not able to store any other data. Session cookies are deleted once you leave our NAAS website, for example, when you log out or close the browser.

The users shall be informed about the use of cookies in the course of pseudonymous reach measurement as part of this Privacy Policy (see statistical analysis with Google Analytics, Sect. F of this Privacy Policy).

If they wish, users can prevent cookies from being installed on their computer by adjusting the browser’s privacy settings. You should be aware, however, that blocking cookies can lead to functional limitations of the online offer.

Information on how to control cookies on most common browsers can be found below:

Google Chrome
Mozilla Firefox
Internet Explorer
Safari


F. Use of Google Analytics for Statistical Purposes

We use, on the basis of our legitimate interests (which means interest in the analysis, optimization and handling of our online services pursuant to Art. 6 (1) f of the GDPR), the web analytics service Google Analytics for the statistical analysis of user access.

The place of processing for EU Publishers using Google Analytics, effective as of April 30, 2021 is: Google Ireland Limited, incorporated and operating under the laws of Ireland (Registered Number: 368047), and located at Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses “cookies”, which are text files that are stored on your computer and enable us to perform an analysis of the website use. In order to do this, information generated by the Cookie about the use of this website is stored on Google servers. The IP address is anonymized before storage.

The information generated by the Cookie about the use of this website will not be passed on to third parties. You can prevent the storage of cookies via a corresponding browser setting; however, we would like to point out to you that in this case, it is possible that you will not be able to use all functions of our website in full.

If you do not agree to the storage and use of your data, you can prevent the storage and use by installing the Google Analytics Opt-Out Browser Add-on, which is downloadable here.

The add-on is compatible with Chrome, Internet Explorer 11, Safari, Firefox, and Opera. In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled. You can learn more about the opt-out browser add-on here.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

We use reCAPTCHA to check whether the data provided to us when subscribing to the newsletter has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. The reCAPTCHA analysis is visible and takes place as part of a user’s registration to our newsletter where a user may have to take action and confirm that he is not a robot.

Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.

For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: 

Google Privacy Policy and Google reCAPTCHA


G. Distribution of data to third parties and third-party providers

Distribution of data to third parties only takes place on the basis of legal regulations. We shall only pass on the data of the users to third parties:

- if the users have given their consent to the distribution (Art. 6 (1) a EU GDPR)
- if it is required for contractual purposes (Art. 6 (1) b EU GDPR)
- for compliance with legal obligations (Art. 6 (1) c EU GDPR)
- in order to protect the vital interests of the users (Art. 6 (1) d EU GDPR)
- or on the basis of legitimate interests in order to assure effective operations of our organizational activities (Art. 6 (1) c EU GDPR).

If we use subcontractors in order to provide our services, we shall take suitable legal measures and corresponding technical and organizational measures in order to ensure the protection of the personal data in accordance with relevant statutory regulations.

If, as part of this Privacy Policy, we use content tools or other means from other providers (hereinafter referred to jointly as “third party providers”) and their named headquarters are situated in a third country, it is to be assumed that a data transfer will take place in the countries of the headquarters of the third-party provider. Third countries are to be understood as countries, in which the GDPR is not a directly applicable law, which generally means countries outside the EU or the European Economic Area. The transfer of data to third countries takes place if there is an appropriate level of data protection, consent of the users or another form of legal permission.

Use of Third-Party Tools

Our website incorporates external links to allow you to view content hosted on external platforms directly from the pages of this website and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.

SoundCloud widget

Soundcloud is an audio content delivery service that allows our website to incorporate content of this kind on its pages.
Personal Data collected: Usage Data
Place of processing: SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany
Privacy Policy

Mixcloud widget

Mixcloud is an audio content delivery service that allows our website to incorporate content of this kind on its pages.

Personal Data collected: Usage Data.
Place of processing: Mixcloud Limited, Mixcloud 447 - 453 Hackney Road, London, E2 9DY, UK
Privacy Policy

Twitter

We use Twitter on our website to display and link to the messages of our venues on the Twitter network.
Personal Data collected: Usage Data.
Place of processing: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland
Privacy Policy

Twitter complies to the EU-US Privacy Shield
Due to a court decision the EU-US Privacy Shield Agreement is currently not applicable. We are working on a solution to ensure a level of protection for personal data with our partners outside the EU that corresponds to that within the European Union.

Integration of YouTube and Vimeo Videos

Embedded YouTube videos

Our website uses plugins from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, data transfer to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.

As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can save various cookies on your device after starting a video. With the help of these cookies, YouTube can receive information about visitors to our website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud. The cookies remain on your device until you delete them.

If necessary, further data processing operations can be triggered after the start of a YouTube video, over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

You can find more information about data protection at YouTube in their data protection declaration here.

Embedded Vimeo videos

We embed Vimeo videos on some of our Website pages. Vimeo is operated by Vimeo, LLC with headquarters in 555 West 18th Street, New York, New York 10011, USA.

When you visit a website with a Vimeo plug-in, a connection to the Vimeo server is established and the plug-in is displayed. Through this, the Vimeo server receives information on which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo links this information to your personal user account. When using the plug-in, for example by clicking the start button of a video, this information is also linked to your user account. You can prevent this information from being linked by signing out of your Vimeo user account before using our website and deleting the corresponding Vimeo cookies. You can find more information about the data processing and data protection of Vimeo at:

https://vimeo.com/privacy
https://vimeo.com/transfer_statement

Vimeo complies to the EU-US Privacy Shield


H. Changes to and Validity of this Data Protection and Privacy Policy

We reserve the right to change the Privacy Policy in order to adapt it to altered legal situations, or in the event of changes to the services we provide as well as to data processing itself. However, this only applies with regard to declarations about data processing. If user consent is required or integral parts of the Privacy Policy contain provisions of the contractual relationship with the users, the changes take place only with user consent.

This privacy policy is currently valid and is effective as of 02 May 2021. Should we update, amend, or make any changes to our privacy policy, those changes will be posted here.
Should we make significant changes to the Privacy Policy that affect processing activities performed on the basis of the User’s consent, we shall collect new consent from the User, where required.

NAAS – Network of Arab Alternative Screens e.V. urges its users to return periodically to this Privacy Policy to familiarize themselves with its latest version.

This website uses cookies

We use cookies to improve the functionality of our website and membership portal. Read more about how we use these cookies in our privacy policy. You may go to Settings to review and update your cookie opt-in options.