Privacy Policy of Pumpkin Film AG

Table of Contents

1. What is this privacy policy about?
2. Who is responsible for processing your data?
3. What data do we process?
4. For what purposes do we process your data?
5. On what basis do we process your data?
6. Who do we disclose your data to?
7. Does your personal data also end up abroad?
8. How long do we process your data?
9. How do we protect your data?
10. What rights do you have?
11. Do we use online tracking and online advertising techniques?
12. What data do we process on our social network pages?
13. Can this Privacy Policy be changed?

1. What is this privacy policy about?

Pumpkin (hereinafter also «Pumpkin»,”we”, “us”) obtains and processes personal data concerning you or also third persons (so-called “third parties”) in order to execute the order(s) placed with us in a high quality and in an efficient manner. We use the term “data” here synonymously with “personal data” or “personal information”.

“Pumpkin ” refers to Pumpkin Film AG, and its group companies.
“Personal data” refers to data relating, to specific or identifiable persons, i.e., conclusions about their identity are possible on the basis of the data themselves or with corresponding additional data. “Personal data requiring special protection” is a category of personal data that is specially protected by the applicable data protection laws. In section 3 you will find details of the data we process under this privacy policy. “Processing” means any handling of personal data, e.g., obtaining, storing, using, adapting, disclosing and deleting.

In this Privacy Policy, we describe how we handle your data when you use our website www.pumpkinfilm.ch (the “website”), obtain our services or products, otherwise interact with us under a contract, communicate with us or otherwise deal with us. Where appropriate, we will provide well in advance written notice of additional processing activities not mentioned in this Privacy Policy.

If you disclose data relating to family members, a partner or other third parties, you accept responsibility to that they approve that we may use the data in accordance with this Privacy Policy.

This Privacy Policy is designed to meet the requirements of the European General Data Protection Regulation (“GDPR”), the Swiss Data Protection Law (“DSG”) and the revised Swiss Data Protection Law (“revDSG”). However, whether and to what extent these laws are applicable depends on the individual case.

2. Who is responsible for processing your data?

Pumpkin and its group companies are responsible for the data processing described in our Privacy Policy. This is where your data are processed by such a group company in connection with your own legal obligations or contracts or where you share your data with one of our group companies. In these cases, this group company is the responsible party with corresponding national legal obligations (see section 6).
You can contact us for your data protection concerns and to exercise your rights in accordance with section 10 as follows:
Pumpkin Film AG
 Mrs. Claudia Brand
 Zeltweg 46
 CH-8032 Zürich
 info@pumpkinfilm.ch

3. What data do we process?

We process different categories of data. The most important categories are the following:

  • Technical data: When you access our website or other electronic offers, we collect the IP address of your electronic device and other technical data (user accounts, registrations, accesses) to ensure their functionality and security. These data also include logs in which the use of our systems is recorded. We generally retain technical data for 6 months. In order to ensure the functionality of these offers, we may also assign an individual code to you or your electronic device (e.g. in the form of a cookie, please see section 11). The technical data in itself does not allow any conclusions to be drawn about your identity. Technical data includes, among other things, the IP address and information about the operating system of your terminal device, the date, region and time of use, as well as the type of browser you use to access our electronic offerings. This can help us to provide the correct formatting of the website or to show you a website adapted for your region, for example. Based on the IP address, we know which provider you use to access our offers (and thus also the region), but we cannot usually deduce who you are from this. This changes when you create a user account, for example, because personal data can then be linked to technical data (e.g. we can see which browser you use to access an account via our website). Examples of technical data also include “logs” that occur in our systems (e.g. the log of user logins on our website).
  • Registration data: Certain offers e.g. of services (e.g. login areas of our website, newsletter dispatch etc.) can only be used with a user account or a registration, which can be created directly with us or via our external login service providers. We collect data on the use of the offer or service. Registration data are required for the access control to certain areas of our website. We generally retain registration data for 12 months after the end of the use of the service or the termination of the user account.Registration data includes, among other things, the information you provide when you create an account on our website (e.g. user name, password, name, e-mail). However, registration data also includes the data we may require from you before you can use certain free services such as our Wi-Fi service, in which case: name, email and telephone number; or the redemption of vouchers, in which case: name, address, contact details and time of redemption. You also need to register if you want to subscribe to our newsletter. In the context of access controls, we may have to register you with your data (access codes in badges or biometric data for identification).
  • Communication data: When you contact us via the contact form, email, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and traffic data.Communication data is your name and contact details, the manner and place and time of communication and usually also its content (i.e. the content of emails, letters, chats, etc.). This data may also include details of third parties. For identification purposes, we may also process your ID number or a password set by you or your press card. For secure identification, the following mandatory information must be provided for media enquiries: Publisher, name of publication, title, first name, surname, postal address, e-mail address and telephone number of the reporting person.
  • Master data: Master data is the basic data that we use – provided your consent – in addition to the contractual data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information e.g. about your role and function, customer history, powers of attorney and signature authorisations etc. With your consent, we process your master data if you are a customer or other business contact or work for one (e.g. as a business partner contact person, as part of marketing and advertising, with invitations to events, with vouchers, with newsletters etc.). We receive master data from you yourself (e.g. when making a purchase or as part of a registration) or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the Internet (websites, social media etc.). We generally keep this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. For pure marketing and advertising contacts, the period is usually much shorter, usually not longer than 2 years since the last contact. Master Data include, for example, information such as your name, address, email address, telephone number and other contact details, gender, date of birth, nationality, details of associated persons, websites, photographs and videos, copies of identification documents; also details of your relationship with us (customer, supplier, visitor, service recipient etc.), details of your status with us, allocations, classifications and distributions, details of our interactions with you (if applicable, a history thereof with corresponding entries), reports (e.g. from the media) or official documents (e.g. excerpts from the commercial register, authorisations, etc.) which concern you. As payment information, we collect e.g. your bank details, account number and credit card data whereby the payment data are deleted without delay. Consent or blocking notices are also part of the master data, as are details about third parties, e.g. contact persons, recipients of services, advertising recipients or representatives.
    In the case of contact persons and representatives of our customers, suppliers and partners, we process as master data e.g. name and address, details of their position, function in the company and, where applicable, details of superiors, employees and details of interactions with these persons.
    Master data are not collected comprehensively for all contacts. Which data we collect in detail depends in particular on the purpose of the processing.
  • Contract data: These are data that we deal with in connection with the conclusion or fulfilling of a contract, e.g. information about contracts and the services to be rendered, as well as the data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions (e.g. complaints or information about satisfaction, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the processing of the contract and from publicly accessible sources. We generally retain this data for 10 years from the last contractual activity, but at least from the termination date of the contract. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements or for technical reasons. Contract data include information about the conclusion of the contract, about your contracts, e.g. type and date of conclusion of the contract, information from the offering process (such as an offer of our products or services) and information about the contract in question (e.g. its duration) and the processing and administration of the contracts (e.g. information in connection with invoicing, customer service, assistance with technical matters and the enforcement of contractual claims). Contract data also include information about defects, complaints and adjustments to a contract, as well as information about customer satisfaction that we may collect, for example, through surveys. Contractual data also includes financial data such as information about creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood that debts will be paid), about reminders and about debt collection. We receive this data partly from you (e.g. when you make payments), but also from credit agencies and debt collection companies and from publicly accessible sources (e.g. the commercial register).
  • Behavioural and preference data: Depending on our relationship with you, we try to get to know you better and we customize our products, services and offers for you. To do this, we collect and use data about your preferences and your use of our website. We describe how tracking works on our website in section 11. Behavioural data are informations about certain actions, such as your comments to electronic communications (e.g. whether and when you opened an email) or your location, as well as your interaction with our social media profiles and your participation in sweepstakes, contests and similar events. We may collect your location data, for example, when you use our website.
    Preference data tell us what your needs are, what products or services might be of interest to you, or when and how you are likely to respond to messages from us. We obtain this information from the analysis of existing data, such as behavioural data, so that we can get to know you better, customize our advice and offers more precisely to you and generally improve our offers. In order to improve the quality of our analyses, we may combine these data with other data that we also obtain from third parties such as address dealers, public offices and publicly accessible sources such as the Internet, e.g. with information on your household size, income class and purchasing power, shopping behaviour and contact data of relatives and anonymous information from statistical offices.
    Behavioural and preference data can be evaluated on a person-related basis (e.g. to show you personalised advertising), but also on a non-person-related basis (e.g. for market research or product development). Behavioural and preference data can also be combined with other data (e.g. movement data can be used for contact tracing as part of a health protection concept).

Many of the measures described in this section 3 you disclose to us yourself (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. within the framework of compliance with legal obligations or the observance of protective concepts in the case of possible infectious diseases, etc. If you wish to conclude contracts with us or claim services, you must also provide us with data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data are unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data.

We only provide certain services to you if you provide us with your registration data because we or our contractual partners want to know who is using our services or has accepted an invitation to an event, because it is technically necessary or because we want to communicate with you. If you or a person you represent (e.g. your employer) want to conclude or fulfil a contract with us, we need to collect corresponding master, contract and communication data from you, and we process technical data if you want to use our website or other electronic offers for this purpose. Similarly, we can only send you a response to an enquiry from you if we process the relevant communication data and, if you communicate with us online, technical data where applicable. The use of our website is also not possible without us receiving technical data.

The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your help), information about you in correspondence and meetings with third parties, creditworthiness information (insofar as we conduct business with you personally, e.g. so that we can conclude and process transactions with your employer with your help), information about you which people close to you (family, advisors, legal representatives, etc.) give us so that we can conclude or process contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements and export restrictions, information from banks, insurance companies and sales and other contractual partners of ours for the utilisation or provision of services by you (e.g. payments, purchases, etc.), information from the media and Internet about your person, insofar as this is indicated in the specific case, e.g. in the context of an application, marketing, etc., your address and, if applicable, interests and other socio-demographic data (in particular for marketing and research) and data in connection with the use of third-party websites and online offers where this use can be attributed to you.

4. For what purposes do we process your data?

We process your data for the purposes we explain below. Further information for the online area can be found in section 11. You will find further information on the legal basis for our data processing in section 5.
We process your data for purposes related to communication with you, in particular to answer enquiries and to contact you in the event of queries. For this purpose, we use in particular communication data and master data and, in connection with offers and services used by you, also registration data. We retain this data to document our communication with you, for training purposes, for quality assurance and for follow-up enquiries.

This is for all purposes in relation to which you and we communicate, whether in customer service or consultation, authentication in the event of use of our website or for training and quality assurance (e.g. in the area of customer service). We further process communication data so that we can communicate with you by email and telephone, as well as messenger services, chat, social media, letter and fax. Communication with you is usually in connection with other processing purposes, e.g. so that we can render services or answer a request for information. Our data processing also serves to provide evidence of the communication and its content.

We conclude contracts of various kinds with our business and private customers, with suppliers, subcontractors or other contractual partners such as partners in projects or with parties in legal disputes. In particular, we process master data, contract data and communication data and, depending on the circumstances, also registration data of the customer or the persons to whom the customer provides a service. This includes, for example, recipients of our products or services who receive vouchers and invitations from our customers and who may become our customers when they redeem them. In this case, we process data for the processing of the contract with these recipients, but also with the contractual partners who have invited them.
In the course of initiating business, personal data – in particular master data, contract data and communication data – are collected from potential customers or other contractual partners (e.g. in an order form or contract) or resulting from communications. We also process data in connection with the conclusion of a contract to check creditworthiness and for the opening of a customer relationship. In some cases, this information is checked for compliance with legal requirements.

As part of the processing of contractual relationships, we process data for the administration of the customer relationship, for the provision and collection of contractual services (which also include the involvement of third parties, such as logistics companies, advertising service providers, banks, insurance companies or credit agencies, which may in turn provide us with data), for advice and for customer support. The enforcement of legal claims arising from contracts is also part of the processing, as is accounting, termination of contracts and public communication.
With your consent, we process data for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalised advertising on products and services from us and from third parties (e.g. from advertising contractual partners). This may take the form of e.g. newsletters and other regular contacts (electronically, by post or by telephone), via channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events and competitions etc.). You can refuse such contacts at any time or refuse or revoke your consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you (see section 11).

For example, with your consent, we provide information, advertising and product offers from us and from third parties within and outside the group (e.g. advertising contract partners), as printed matter, electronically or by telephone. For this purpose, we mainly process communication and registration data. Like most companies, we personalise communications so that we can provide you with individualised information and offers that meet your needs and interests. To do this, we combine data we process about you with preference data and use this data as the basis for personalisation (see section 3). We also process data in connection with competitions, prize draws and similar events.
Relationship management also includes addressing existing customers and their contacts – possibly personalised on the basis of behavioural and preference data. In the context of relationship management, we may also operate a customer relationship management system (“CRM”) in which we store the data on customers, suppliers and other business partners necessary for the relationship management, e.g. on contact persons, on the relationship history (e.g. on products and services purchased or supplied, interactions, etc.), interests, wishes, marketing measures (newsletters, invitations to events, etc.) and other information.
All these data processing is important for us not only to promote our offers as effectively as possible, but also to make our relationships with clients and other third parties more personal and positive, to focus on the most important relationships and to use our resources as efficiently as possible.
We strive to continuously improve our products and services (including our website) in order to be able to react quickly to changing needs. We therefore analyse, for example, how you navigate through our website or which products are used by which groups of people in which way and how new products and services can be designed (for further details see section11). This gives us indications of the market acceptance of existing products and services and the market potential of new products and services. For this purpose, we process in particular master data, behavioural data and preference data, but also communication data and information from customer surveys. We use pseudonymised or anonymised data for these purposes.
With your consent, we use non-anonymised location data to inform you of interesting offers and products in the vicinity based on your position, to infer your interests from the position data (dwell time) and to inform you of which products and services other contractual partners with similar interests have used.
We can also process your data for security and access control purposes. We have security cameras with motion sensors in the park and in our shops. The data recorded in each case are kept for a maximum of 24 hours and subsequently deleted.

We continuously review and improve the appropriate security of our IT and other infrastructure (e.g. buildings). Like all companies, we cannot rule out data security breaches with absolute certainty, but we do our best to reduce the risks. We therefore process data, for example, for monitoring, controls, analyses and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes and as part of security copies. Access controls include, on the one hand, controlling access to electronic systems (e.g. logging into user accounts), but also physical access control (e.g. building access). For security purposes (preventive and to clarify incidents) we also keep access logs or visitor lists and use surveillance systems (e.g. security cameras). We draw your attention to surveillance systems at the relevant locations by means of appropriate signs.
We process personal data to comply with laws, directives and recommendations from authorities and internal regulations (“Compliance”).

This includes, for example, the implementation of health and safety concepts or the legally regulated fight against money laundering and terrorist financing. In certain cases, we may be obliged to make certain inquiries about customers (“Know Your Customer”) or to report to the authorities. The fulfilment of duties to provide information, disclosure or notification, for example in connection with duties under supervisory and tax law, also requires or entails data processing, e.g. the fulfilment of archiving duties and other violations. This also includes the receipt and processing of complaints and other reports, the monitoring of communications, internal investigations or the disclosure of documents to an authority if we have sufficient reason to do so or are legally obliged to do so. We may also process personal data about you in the course of external investigations, for example, by a law enforcement or regulatory agency or an appointed private body. Furthermore, we process data in order to serve our shareholders and to fulfil our obligations in this regard. For all these purposes, we process in particular your master data, your contractual data and communications data, but we may also process behavioural data and data from the category of other data. The legal obligations may be Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry standards, our own “corporate governance” and official instructions and requests.
For these purposes, we process in particular master data, contract data, registration data and technical data, but also behavioural and communication data. For example, we need to monitor our debtors and creditors as part of our financial management, and we need to avoid becoming victims of crime and abuse, which may require us to analyse data for relevant patterns. In the context of planning our resources and organising our operations, we need to evaluate and process data on the use of our services and other offers or exchange information on this with others (e.g. outsourcing partners), which may also include your data. The same applies with regard to services provided to us by third parties. As part of the development of our business, we may sell or acquire businesses, parts of businesses or companies to or from others or enter into partnerships, which may also result in the exchange and processing of data (including from you, e.g. as a customer or supplier or as a supplier representative).
We may process your data for other purposes, e.g. as part of our internal processes and our administration.

These other purposes include, for example, training and educational purposes, administrative purposes (such as the management of master data, accounting and data archiving and the testing, management and ongoing improvement of IT infrastructure), the protection of our rights (e.g. to enforce claims in or out of court and before authorities at home and abroad or to defend ourselves against claims, for example by preserving evidence, legal clarifications and participation in legal or official proceedings) and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. The protection of other legitimate interests is also one of the other purposes that cannot be specified exhaustively.

5. On what basis do we process your data?

In connection with our contracts and our services and products, and the other services and products described in section 4 we also transfer your data to third parties, in particular to the following categories of recipients:

  • Suppliers and service providers: We work with suppliers and service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us or according to their own responsibility.

    In order to provide our products and services efficiently and to focus on our core competencies, we procure services from third parties in numerous areas. These services relate, for example, to IT services, the dispatch of information, marketing, sales, communication or printing services, the organisation and holding of events and receptions, debt collection, credit agencies, address checkers (e.g. for updating address lists in the event of relocations) and services from consultancy firms, lawyers, banks, insurers and telecom companies. We disclose to these suppliers and service providers the data required for their services, which may also be your concern. In addition, we enter into contracts with these service providers that include provisions for the protection of data, insofar as such protection does not result from the law. Our service providers may also process data on how their services are used and other data that arise in the course of using their services as independent data controllers for their own legitimate interests (e.g. for statistical evaluations or billing). The service providers inform about their independent data processing in their own private policies. Contractual partners including customers: This initially refers to customers (e.g. service recipients) and other contractual partners of ours, because this data transfer results from these contracts. They receive, for example, registration data on issued and redeemed vouchers and invitations, etc. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. Recipients include other contractual partners with whom we cooperate and thus transmit your data for analysis and marketing purposes (these may again be service recipients, but also e.g. sponsors and providers of online advertising). We require these partners to send you advertising or to play it out on the basis of your data only if you have expressly consented to this in advance (for the online area, see section 11). Upon your request, we will gladly inform you of all our central cooperation partners; our online advertising contract partners are listed in section 11.
    If you act as an employee for a company with which we have concluded a contract, the processing of this contract may lead to us informing the company, for example, how you have used our service. Cooperation and advertising contract partners receive selected master, contract, behavioural and preference data from us so that they can, on the one hand, carry out non-personal evaluations in their area (e.g. about the number of our customers who have viewed their advertising) and, on the other hand, they can also use data for advertising purposes (including the targeted addressing of you). For example, advertising partners should be able to communicate with suitable other customers of ours and send them advertising.

  • Authorities: We may disclose personal data to offices and other authorities in Switzerland and abroad for the enforcement and execution of the contractually agreed services, provided that you have expressly consented to this disclosure in advance.

    Cases of application concern legal obligations to provide information and to cooperate. Data may also be disclosed if we want to obtain information from public bodies, e.g. to justify an interest in information or because we have to say why we need information (e.g. from a register).

  • Other persons: This refers to other cases in which the involvement of third parties arises from the purposes set out in section 4 results.
    Other recipients are, for example, delivery addressees specified by you or third-party payees as well as other third parties, also within the scope of agency relationships (e.g. if we send your data to your lawyer or your bank). Subject to your express prior consent, we will mention your data in our publications or in cooperation with the media. In the course of developing our business, we may sell or acquire businesses, operations, assets or companies, or enter into partnerships, which may involve the disclosure of data (including data about you, for example, as a customer or supplier or as a supplier’s agent) to those involved in those transactions. Communications with our competitors, industry organisations, associations and other bodies may also result in the exchange of data that also relates to you.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
With your consent, we also allow selected third parties to collect personal data from you on our website and at our events (e.g. media photographers, providers of tools that we have integrated into our website, etc.). Insofar as we are involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly (see section 11 for the website.).

7. Does your personal data also end up abroad?

As described in section 6 we also disclose data to other bodies. These are not only located in Switzerland. Your data may therefore also end up abroad.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), insofar as it is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause.

Many countries outside of Switzerland or the EU and EEA do not currently have laws that guarantee an adequate level of data protection from the perspective of the DSG or the GDPR. The aforementioned contractual arrangements can partially compensate for this weaker or missing legal protection. However, contractual precautions cannot eliminate all risks (namely of state access abroad). You should be aware of these residual risks, even if the risk may be low in individual cases and we take further measures (e.g. pseudonymisation or anonymisation) to minimise it.
Please also note that data exchanged via the internet are often routed via third countries. Your data may therefore end up abroad even if the sender and recipient are in the same country.

8. How long do we process your data?

We process your data for our processing purposes as long as the statutory retention periods require and our legitimate interests in processing for documentation purposes or storage are technically necessary. Further information on the respective storage and processing periods can be found under the individual data categories in section 3 or for the cookie categories in section 11. If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our normal processes.

Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in the event of legal claims, discrepancies, IT and infrastructure security purposes and evidence of good corporate governance and compliance. Retention may be technically necessary if certain data cannot be separated from other data and we therefore need to retain them (e.g. in the case of backups or document management systems).

9. How do we protect your data?

We take the appropriate security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to protect against the risks of loss, accidental alteration, unauthorised disclosure or access.

Security measures of a technical nature and of an organisational nature may include, for example, measures such as the encryption of data, logging, access restrictions, the storage of backup copies, instructions to our employees, confidentiality agreements and controls. We protect your data transmitted via our website in transit by using appropriate encryption mechanisms. However, we can only secure areas that we control. We also oblige our contract processors to take appropriate security measures. However, security risks cannot generally be completely ruled out. Residual risks are unavoidable.

10. What rights do you have?

Applicable data protection law grants you the right to object to the processing of your data under certain circumstances.
To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law: 

  • The right to request information from us as to whether and which of your data we are processing;
  • the right to have us correct data if it were inaccurate;
  • the right to request the deletion of data;
  • the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
  • the right to withdraw your consent insofar as our processing is based on your preceding consent;
  • the right to obtain, on request, further information necessary for the exercise of your rights.

If you wish to exercise any of the above rights (or with any of our group companies), please contact us in writing, at our premises or, by email; our contact details are set out in section 2. In order for us to be able to exclude misuse, we must identify you (e.g. with a copy of your identity card, if this is not otherwise possible).
Please note that conditions, exceptions or restrictions apply to these rights according to the data protection law in force (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.
If you do not agree with our handling of your rights or data protection, please let our data controller know. In particular, if you reside in Switzerland, the EEA or the UK, you also have the right to complain to the data protection supervisory authority in your country. 

11. Do we use online tracking and online advertising techniques?

We use various techniques on our website which enables us and third parties engaged by us to recognise you when you use our website and, in some circumstances, to track you across multiple visits. We inform you about this in this section.
In essence, this is that we can distinguish accesses by you (via your system) from accesses by other users, so that we can ensure the functionality of the website and carry out evaluations and personalisation. In doing so, we do not want to infer your identity, even if we can do so insofar as we or third parties engaged by us can identify you through a combination with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor each time you access the site, for example by our server (or the servers of the third parties) assigning you or your browser a specific identification number (so-called “cookie”).

Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contract partners transmits to your system when you connect to our website and that your system (browser, mobile) accepts and stores until the programmed expiry time. With each subsequent access, your system transmits these codes to our server or the server of the third party. In this way, you are recognised even if your identity is unknown.
Other techniques can also be used to make you more or less likely to be recognised (i.e. distinguished from other users), e.g. “fingerprinting”. Fingerprinting combines your IP address, the browser you use, the screen resolution, the language choice and other information that your system communicates to each server), resulting in a more or less unique fingerprint. In this way, cookies can be dispensed with.
Whenever you access a server (e.g. when using a website or an app or because an image is visibly or invisibly integrated into an email), your visits can therefore be “tracked” (traced). If we integrate offers from an advertising contractor or provider of an analysis tool on our website, they may track you in the same way, even if you cannot be identified in individual cases.
We use such techniques on our website and allow certain third parties to do the same. Depending on the purpose of these techniques, we may ask for your consent in advance. You can access your current settings and you can program your browser to block or to delete existing cookies. You can also enhance your browser with software that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the keyword “data protection”) or on the websites of the third parties that we list below.
We use the following cookies (techniques):

  • Necessary cookies: Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies are only temporary (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond one session (i.e. one visit to the website) if you use this function (e.g. language selected, consent given, the function for automatic login etc.). These cookies have an expiry date of up to 24 months.
  • Performance cookies: In order to optimise our website and corresponding offers and to better adapt them to the needs of the users, we use cookies. We do this through the use of third-party providers. We have listed these below. Before we use such cookies, we ask for your prior consent. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers.
  • Marketing cookies: We and our advertising partners have an interest in customized advertising, i.e. displaying it only to those we want to target. We have listed our advertising partners below. For this purpose, we and our advertising partners also use cookies – if you consent – which can be used to record the content accessed or contracts concluded. These cookies have an expiry date of between a few days and 12 months, depending on the situation. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising.

In addition to marketing cookies, we use other techniques to control online advertising on other websites and thereby reduce wastage. For example, we may transmit the email addresses of our users, customers and other persons to whom we want to display advertising to the operators of advertising platforms (e.g. social media). If these persons are registered there with the same e-mail address (which the advertising platforms determine through a comparison), the operators show the advertising placed by us to these persons in a targeted manner. The operators do not receive personal e-mail addresses of persons who are not already known. In the case of known e-mail addresses, however, they learn that these persons are in contact with us and which content they have accessed.
We may also integrate further third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking on a button), the corresponding providers can determine that you are on our website. If you have an account with a social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data on their own responsibility.
We currently use offers from the following service providers and advertising contract partners (insofar as they use data from you or cookies set on your computer for advertising purposes):

  • Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our mandatory. Google Ireland relies on Google LLC (based in the USA) as its mandatary (both “Google”). Google uses performance cookies (see above) to track the behaviour of the visitors on our website (duration, frequency of pages viewed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have configured the service in such a way that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. We have switched off the “Data sharing” and “Signals” settings. Although we can assume that the information, we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of the visitors from these data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. If you consent to the use of Google Analytics, you explicitly agree to such data processing, which also include the transfer of personal data (in particular usage data for the website and app, device information and individual IDs) to the USA and other countries. Information on the data protection of Google Analytics can be found here https://support.google.com/analytics/answer/6004245 and if you have a Google account, you can find further details on the data processing by Google here https://policies.google.com/technologies/partner-sites?hl=de
  • Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate e.g. Google Analytics and other Google marketing services into our online offer. The tag manager itself, which implements the tags, does not process any personal data of the users. With regard to the processing of users’ personal data, please refer to the following information on Google services, usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html
  • Salesforce and Salesforce Pardot: Salesforce is a solution that processes data on our behalf in the sense of a processor or service provider. We use services where our website and applications run through the Salesforce platform to sell and offer our own products and services, send electronic communications or otherwise process personal data about our products and services. You can find the detailed privacy policy here: https://www.salesforce.com/de/company/privacy/

12. What data do we process on our social network pages?

We may operate pages and other online presences (“fan pages”, “channels”, “profiles” etc.) on social networks and other platforms operated by third parties. We receive this data from you and the platforms when you contact us through our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link these data with other data about you known to the platforms (e.g. on your behaviour and preferences). They also process these data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalise advertising) and to control their platforms (e.g. which content they show you).

We receive data about you when you communicate with us via online presences or view our content on the corresponding platforms, visit our online presences or are active in them (e.g. publish content, submit comments). These platforms also collect from you or about you, among other things, technical data, registration data, communication data, behavioural data and preference data (for the terms, see section 3). These platforms regularly evaluate the way you interact with us, how you use our online presences, our content or other parts of the platform (what you look at, comment on, “like”, forward, etc.) and link this data to other information about you (e.g. information about age and gender and other demographic information). In this way, they also create profiles about you and statistics on the use of our online presences. They use this data and profiles to show you our or other advertising and other content on the platform in a personalised way and to control the behaviour of the platform, but also for market and user research and to provide us and other bodies with information about you and the use of our online presence. We may partially control the analyses that these platforms produce regarding the use of our online presences.
We process these data for the purposes set out in section 4 in particular for communication, for marketing purposes (including advertising on these platforms, see section 11) and for market research. You will find information on the corresponding legal basis in section 5 We or the operators of the platforms may also delete or restrict content from or about you in accordance with the usage guidelines (e.g. inappropriate comments).
For further information on the processing of the platform operators, please refer to the data protection notices of the platforms. There you will also find out in which countries they process your data, what rights of access, deletion and other data subjects you have and how you can exercise these rights or obtain further information. We currently use the following platforms:

  • Facebook: Here we operate the page www.facebook.com/pumpkinfilm. The responsible body for operating the platform for users from Europe is Facebook Ireland Ltd, Dublin, Ireland. Their data protection information is available at www.facebook.com/policy. Some of your data will be transferred to the USA. You can object to advertising here: www.facebook.com/settings?tab=ads. With regard to the data collected and processed when visiting our website for the creation of “Page Insights”, we are jointly responsible with Facebook Ireland Ltd, Dublin, Ireland. As part of Page Insights, statistics are compiled about what visitors do on our site (comment on posts, share content, etc.). This is described at www.facebook.com/legal/terms/information_about_page_insights_data. It helps us understand how our site is used and how we can improve it. We only receive anonymous, aggregated data. We have regulated our responsibilities regarding data protection in accordance with the information on www.facebook.com/legal/terms/page_controller_addendum
  • Instagram: Functions of the Instagram service are integrated into our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. You can find more information on this in Instagram’s privacy policy: http://instagram.com/about/legal/privacy/
  • LinkedIn: This website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. You can find more information on this in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy
  • Twitter: This website uses functions of Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you call up our pages with Twitter plug-ins, a connection is established between your browser and the Twitter servers. In the process, data is already transferred to Twitter. If you have a Twitter account, this data can be linked to it. If you do not wish this data to be associated with your Twitter account, please log out of Twitter before visiting our site. Interactions, in particular the clicking of a “Re-Tweet” button, are also passed on to Twitter. You can find out more at https://twitter.com/privacy
  • Pinterest: On this website, we use social plugins of the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA (“Pinterest”). When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies. Further information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in the Pinterest data protection information: https://about.pinterest.com/de/privacy-policy
  • YouTube: This website uses plugins from YouTube, a site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy
  • Vimeo: Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated into this website. Each time you visit a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address are stored there. Through interactions with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there. You can find the data protection declaration for Vimeo with more detailed information on the collection and use of your data by Vimeo in the Vimeo data protection declaration. If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website. In addition, Vimeo calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo’s own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. You can also prevent the collection of data generated by Google Analytics and related to your use of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
  • Google Maps: This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitors’ use of the map functions. You can find more information about data processing by Google in the Google privacy policy. There you can also change your personal privacy settings in the Privacy Centre. Detailed instructions on managing your own data in connection with Google products can be found here.

13. Can this Privacy Policy be changed?

This Privacy Policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.

Last update: 2024-05-21