In this privacy policy, we explain what personal data (hereinafter also referred to as “data”) we process, for what purposes we do so, and to what extent the processing takes place. This information applies to all processing operations involving personal data in connection with our services and our online presence. This includes, in particular, our websites, mobile applications, and our presence on external platforms, such as social networks (hereinafter collectively referred to as “online offering”). All terms used apply equally to all genders.
This privacy policy applies to all websites and online offerings operated by us on which it is published. It provides information about the processing of personal data in connection with the use of these online offerings. Linked websites of other providers are subject to their own data protection regulations. We have no influence on data processing by third parties on external websites.
The responsibility for the processing of your personal data in connection with this online offering lies with the company named below. This company decides on the purposes and means of data processing:
extainia UG (limited liability)For all questions relating to the protection of your personal data and the exercise of your data protection-related rights, our data protection officer is available as your contact person:
DATENDO GmbHWe only process our users' personal data to the extent necessary to provide a functional website and our content and services. Processing is only carried out on the basis of legal permission or with the consent of the person concerned. Personal data is processed in particular:
If we obtain your consent for certain processing operations, the processing will only be carried out on the basis of this consent and exclusively for the purposes specified therein. Consent that has been given can be revoked at any time with effect for the future.
We take extensive technical and organizational security measures to protect your personal data as best as possible against loss, destruction, unauthorized access, alteration, or dissemination. Access to our systems is restricted to authorized persons only. These persons are obliged to treat personal data confidentially and receive regular training in data protection. Our systems are protected against attacks and malware by up-to-date firewalls and antivirus programs. Personal data is backed up regularly to ensure data integrity and enable rapid recovery in the event of data loss. Our security measures are continuously improved in line with technological developments. We use modern encryption methods, in particular SSL/TLS, for the transmission of data in order to prevent unauthorized access during transmission. However, despite all due care, complete security cannot be guaranteed for data transmission over the Internet.
We use the services of external hosting providers to operate this website. The hosting provider provides the technical infrastructure for website operation, in particular server capacity, storage space, database services, security services, and maintenance services. As part of the provision of these services, all data relating to visits to our website is processed, in particular access data (e.g., IP address, date and time of access, browser information, referrer URL, pages and files accessed), as well as meta and communication data. Processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the secure and efficient provision of our online services. Contracts for order processing in accordance with Art. 28 GDPR have been concluded with the hosting providers, which ensure that the data is processed in compliance with data protection regulations. Hosting is currently provided by: Combell NV, Skaldenstraat 121, 9042 Gent, Belgium.
When you visit our website, the browser used on your device automatically sends information to our website's server and temporarily stores it in so-called server log files. Among other things, the IP address of the requesting device, the date and time of access, the URL accessed, the previously visited website (referrer URL), the browser and operating system used, and other technical information are recorded. This data is processed to ensure a smooth connection to the website, for system security and stability, and for administrative purposes. The log files are stored on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR, in particular to ensure the functionality of the website and to defend against attacks. This data is not merged with other data sources. The log files are usually deleted automatically after 30 days at the latest, unless longer storage is necessary in individual cases for evidence purposes.
Your personal data will only be passed on to third parties if this is necessary to fulfill contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests, provided that your interests worthy of protection do not conflict with this. We also use external service providers (e.g., IT service providers, hosting providers) to perform certain tasks in the context of data processing. These service providers are carefully selected by us, contractually bound in accordance with Art. 28 GDPR, and process the data exclusively on our instructions. Any further transfer of personal data to recipients outside our company will only take place if permitted or required by law, for example to authorities, tax advisors, banks, payment service providers, collection agencies, or legal advisors.
Personal data will only be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) if this is necessary to fulfill contractual or legal obligations, if you have expressly consented to this, or if another legal basis permits this. In these cases, we ensure that an adequate level of data protection is guaranteed for the respective third country. This can be ensured by an adequacy decision of the European Commission (e.g., in the case of the USA, by the EU-U.S. Data Privacy Framework), by appropriate safeguards in accordance with Art. 46 GDPR, such as, in particular, the conclusion of standard contractual clauses of the European Commission, or by further protective measures. A transfer will only take place if the respective requirements are met and adequate protection of the personal data is guaranteed.
We only store personal data for as long as is necessary to fulfill the respective purposes for which it was collected, or for as long as statutory retention periods require storage. Once the respective purpose no longer applies or the statutory periods have expired, the data will be deleted or blocked in accordance with the statutory provisions. Deletion takes place in particular if the data is no longer required for the purposes pursued, if you have revoked your consent or if you have legitimately objected to further processing, provided that no overriding legal retention obligations prevent this. Statutory retention periods may arise in particular from commercial and tax law regulations and are generally between six and ten years. Further information on the applicable storage and deletion periods can be found in the specific data protection information for the respective processing activities.
In the course of our business activities, we rely on the support of external service providers to provide our services, provide technical support for our systems, manage our IT infrastructure, and carry out administrative processes. These include, in particular, IT service providers, software providers, data center operators, technical support service providers, and maintenance and service partners. These service providers only have access to personal data to the extent necessary to perform their respective tasks. If these service providers process personal data on our behalf, they are commissioned exclusively on the basis of corresponding data processing agreements in accordance with Art. 28 GDPR. The processing of the data is strictly bound by instructions and in compliance with all data protection regulations. Personal data will only be transferred to other recipients if this is required by law, necessary for the execution of contracts, if you have given your prior consent, or if it is permissible on the basis of our legitimate interests in individual cases. Processing in third countries only takes place in compliance with legal requirements, in particular with the application of appropriate safeguards in accordance with Art. 44 ff. GDPR (e.g., EU standard contractual clauses or adequacy decisions).
We use the WordPress content management system to operate and manage our website. WordPress is free software for creating and maintaining websites, which is operated on our own web server or by our hosting provider. When you visit our website, the server automatically processes certain technical information in order to deliver the page correctly. This includes, among other things:
This data is temporarily stored in so-called log files and processed exclusively to ensure technical operation, to defend against attacks, and for administrative purposes.
No evaluation for marketing purposes takes place. Processing is based on our legitimate interest in the stable, secure, and user-friendly provision of our website in accordance with Art. 6 (1) (f) GDPR. WordPress itself does not process any personal data of website visitors without additional extensions. If plugins or additional functions are used that collect or store data (e.g., contact forms, security functions, analysis tools), this will be indicated separately in this privacy policy.
If you, as a film production company or other organization or individual, submit a request to use our app via our website, we will process the personal data you provide (e.g., last name, first name, email address, phone number, company affiliation, position). This data will be used exclusively to process your request, to contact you, and, if necessary, to prepare the booking of our app. The legal basis for the processing is Art. 6 (1) (b) GDPR, insofar as the processing is necessary for the implementation of pre-contractual measures that are carried out at your request. If the processing is carried out on a voluntary basis (e.g., for optional information), it is based on your consent in accordance with Art. 6 (1) (a) GDPR. The data collected via the inquiry form will not be passed on to third parties unless we are legally obliged to do so. Once your inquiry has been processed, we will delete the data unless there are legal obligations to retain it. Further information on data protection can be found in the separate document “Data protection information for customers,” which will be made available to you when your data is collected. To ensure transparency, a note is included above the send button in the request form, confirming that you have read and understood the privacy policy and the supplementary data protection information.
Our app is used by film production companies to manage project-related activities (e.g., working hours, absences, organizational processes) of their employees. The responsibility for data protection for this processing lies with the respective film production company, which decides on the purposes and means of data processing. We ourselves merely provide the technical platform and act exclusively as a processor within the meaning of Art. 28 GDPR. This means that we only process personal data in accordance with the documented instructions of the respective production company and do not pursue our own purposes with this data. To ensure the lawful handling of personal data, a contract for order processing is concluded with each production company. This contract bindingly regulates the rights and obligations of both parties. Among other things, it stipulates that we take appropriate technical and organizational measures to protect the data, that the production company retains responsibility for data protection, and that processing only takes place within the scope of the agreed purposes.
Our app is available via both the Apple App Store (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA) and the Google Play Store (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a company of Google LLC, USA).
An Apple or Google user account is required to download and install the app. Apple and Google process personal data (e.g., name, email address, payment information, device identifiers, app usage statistics, location data if applicable) under their own data protection responsibility. We have no influence on this data processing. The respective platform provider is solely responsible. For more information, please refer to the privacy policies of Apple and Google.
Our app is available for download via external platforms (Apple App Store and Google Play Store). To access these stores, you need your own user account with Apple or Google. The associated processing of personal data (e.g., account data, device identifiers, payment information, usage statistics) is the sole responsibility of the respective provider. We have no influence on the type and scope of this data processing. Please note that Apple Inc. and Google LLC are independently responsible under the GDPR for all processing operations related to the management of an Apple or Google user account and the download and installation of the app from the respective store.
Our app is provided via the Apple App Store of Apple Inc. (One Apple Park Way, Cupertino, CA 95014, USA). A user account with Apple (Apple ID) is required to download and install the app. In this context, Apple processes personal data over the scope and processing of which we have no influence. This applies in particular to data such as name, email address, device identifiers, payment information, app usage statistics, and, if applicable, location data if you have activated the corresponding functions on your device. Apple Inc. is solely responsible for this data processing. Information on this can be found in Apple's privacy policy: https://www.apple.com/legal/privacy/de-ww/.
Our app is provided via the Google Play Store of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), a company of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). A Google user account is required to download and install the app. In this context, Google processes personal data over which we have no influence in terms of scope and processing. This applies in particular to data such as name, email address, device identifiers, payment information, app usage statistics, and, if applicable, location data if you have activated the corresponding functions on your device. Google is solely responsible for this data processing. For more information, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.
Before login or without an active production company: We are responsible for the data generated in connection with the use of the app, insofar as it concerns technical information such as error logs, log data, device information, or support requests.
From login within a production company: As soon as you log into the app as a member of a production team via a production company, that production company is responsible for processing your working time and project-related data. We then process this data exclusively on behalf of the production company on the basis of a data processing agreement in accordance with Art. 28 GDPR. Information on the purpose, scope, and duration of the processing can be obtained from the respective production company.
We maintain a company profile on the LinkedIn platform, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. When you visit our profile, LinkedIn processes users' personal data (e.g., profile and interaction data) under its own responsibility for data protection in order to provide us with statistical evaluations of the use of our profile (“Page Insights”). We have no influence on the data processing by LinkedIn. We only process the data that you provide to us in connection with contacting us via LinkedIn (e.g., name, position, contact details, content of the message), and exclusively for the purpose of processing your request or contacting you. The legal basis is Art. 6 (1) (f) GDPR (our legitimate interest in communication and public relations). Further information can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
Automated decision-making, including profiling in accordance with Art. 22 GDPR, does not take place in connection with the use of our website.
When using our website for purely informational purposes, there is generally no legal or contractual obligation to provide personal data. However, certain functions of the website can only be used if the necessary data is provided (e.g., when using forms). If data is transferred to third countries, we ensure appropriate safeguards in accordance with Art. 46 GDPR.
As a data subject, you have various rights under the General Data Protection Regulation with regard to the processing of your personal data:
The following supervisory authority is responsible for our company: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 200444, 40102 Düsseldorf, Germany, telephone: +49 (0)2 11/384 24-0, email: poststelle@ldi.nrw.de, website: https://www.ldi.nrw.de.
For reasons of better readability and comprehensibility, gender-specific differentiation is sometimes omitted in this privacy policy. All personal references apply equally to all genders in the spirit of equal treatment. This abbreviated language form does not imply any value judgment and is used solely for editorial reasons to simplify the language.
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, for example when introducing new services or functionalities on our website. The current version of the privacy policy will then apply to your next visit. The status of this privacy policy is September 2025.
The privacy policy was created using the online privacy policy generator of the external data protection officer of DATENDO GmbH.
© 2025 extainia UG (limited liability)