The DOX BOX Data Policy

for all online services (last update 05/12/2018)

  1. General information regarding data processing and legal grounds

1.1. This Data Policy informs you which personal data is collected when visiting our websites as part of our online offer and the websites associated with it, and how the data is used. You have the right to receive information on request and free of charge at any time about the personal data we have stored about you.

1.2. This Data Policy applies to the use of the websites dox-box.org, community.dox-box.org, documentary-convention.org, hereinafter referred to as “websites”. The operators of these websites take the protection of your personal data very seriously. We will treat your personal data confidentially and in accordance with statutory data protection regulations as well as this Data Policy.

1.3. The personal data of the users which is processed as part of the online offer includes user data (e.g. names and addresses of users), usage data (e.g. the visited websites of our online offer, interest in our programmes) and content data (e.g. information entered in contact forms).

1.4. The term “users” covers all categories of the data processing of affected persons. This includes our partners, financiers, grantees, interested parties, and other visitors to our online services.

1.5. We would like to point out that data transmission on the internet (e.g. as part of communication via email) may have security gaps. Full protection of the data against access by third parties is not possible.

  2. Security measures

2.1. We adopt organisational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and to protect the data which is processed by us against accidental or deliberate manipulation, loss, destruction, or against access by unauthorised persons.

2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

  3. Distribution of data to third parties and third party providers

3.1. Distribution of data to third parties only takes place on the basis of legal regulations. We shall only pass on the data of the users to third parties if the users have given their consent to the distribution (Art. 6 (1) a EU GDPR), if it is required for contractual purposes (Art. 6 (1) b EU GDPR), for compliance with legal obligations (Art. 6 (1) c EU GDPR), in order to protect the vital interests of the users (Art. 6 (1) d EU GDPR), or on the basis of legitimate interests in order to assure effective operations of our organisational activities (Art. 6 (1) c EU GDPR).

3.2. If we use subcontractors in order to provide our services, we shall take suitable legal measures and corresponding technical and organisational measures in order to ensure the protection of the personal data in accordance with relevant statutory regulations.

3.3. If as part of this Data Policy we use content tools or other means from other providers (hereinafter referred to jointly as “third party providers”) and their named headquarters are situated in a third country, it is to be assumed that a data transfer will take place in the countries of the headquarters of the third party provider. Third countries are to be understood as countries, in which the GDPR is not a directly applicable law, which generally means countries outside the EU or the European Economic Area. The transfer of data to third countries takes place if there is an appropriate level of data protection, consent of the users or another form of legal permission.

  4. Collection of access data and log files by our hosting partner 1&1 IONOS

4.1. For its websites dox-box.org and documentary-convention.org, DOX BOX uses the web hosting service 1&1 IONOS SE, Elgendorfer Str. 57, D-56410 Montabaur, Germany. The web server used is situated in Germany. If you visit one of the aforementioned websites, your internet browser automatically sends data to our web server. The following data is automatically collected and stored:

  • Referrer URL
  • Requested website or file
  • Browser type and version
  • Operating system used
  • Type of device used
  • Date and time of the retrieval
  • IP address in anonymous form (used only to determine the location of access)

All collected data is anonymized directly at the time of the collection.

4.2. The data is collected by our web hosting partner in order to ensure the security and stability of the offer and to provide the website visitors with the highest level of quality. It is saved for a period of 8 weeks and is not disclosed to third parties. 1&1 IONOS will not transfer user data to third countries.

4.3. DOX BOX and 1&1 IONOS have signed a data processing agreement thereby regulating mutual obligations with regards to data processing and protection.

  5. Collection of access data and log files by our hosting partner freistil IT Ltd

5.1. For its members-only online Community Portal (community.dox-box.org), DOX BOX uses the web hosting service freistilbox by freistil IT Ltd, 13 Baggot Street Upper, 2nd Floor, Dublin D04 W7K5, Ireland. The web server used is situated in Germany. If you visit the DOX BOX Community Portal, your internet browser automatically sends data to our web server. The following data is automatically collected and stored:

  • Referrer URL
  • Requested website or file
  • Browser type and version
  • Operating system used
  • Type of device used
  • Date and time of the retrieval
  • IP address in anonymous form (used only to determine the location of access)

All collected data which is protected by privacy regulations is anonymized within 7 days after collection.

5.2. The data is collected in system logs by our web hosting partner in order to ensure the security and stability of the offer and to provide the website visitors with the highest level of quality. It is saved for a period of maximum 2 months and is not disclosed to third parties. freistil IT will not transfer user data of our server to third countries.

5.3. DOX BOX and freistil IT have signed a data processing agreement thereby regulating mutual obligations with regards to data processing and protection.

  6. Cookies

6.1. Cookies are information transferred from our web server or the web servers of third parties to the web browser of the users and stored there for later access. Cookies can be small files or other types of information storage.

6.2. We use “session cookies” that are only stored for the duration of the current visit to our website (e.g. in order to store your login status and therefore enable the use of our online offer). In a Session Cookie a unique, randomly generated identification number is stored, known as a “session ID”. Furthermore, a Cookie contains information about its origin and the storage period. These cookies are not able to store any other data. Session cookies are deleted when you have ended the use of our online offer and, for example, logged out or closed the browser.

6.3. The users shall be informed about the use of cookies in the course of pseudonymous reach measurement as part of this Data Policy (see statistical analysis with Google Analytics, Sect. 7 of this Data Policy).

6.4. If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the browser settings. Stored cookies can be deleted in the browser settings. Blocking cookies can lead to functional limitations of the online offer.

  7. Statistical analysis with Google Analytics

7.1. We use, on the basis of our legitimate interests (which means interest in the analysis, optimisation and handling of our online services pursuant to Art. 6 (1) f of the GDPR), the web analytics service Google Analytics for the statistical analysis of user access. Google Analytics is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

7.2. Google Analytics uses Cookies to analyse the website use. Information generated by Cookies regarding the usage of this website is transferred to a server by Google in the USA where it is stored. In the event that personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield. IP addresses are shortened before any analysis of user statistics so that no conclusions about user identity can be drawn. To ensure that the collection of IP-addresses is anonymous, Google Analytics has been extended by the code ‘anonymizeIp’ on our website.

7.3. Google uses the information collected via Cookies to analyse the usage of our website and to create reports about the website activities. In addition, Google might share this information with third parties as far as they are legally bound to do so or as far as third parties are commissioned by Google to process this data. You can prevent the installation of Cookies with a specific setting in your browser software; however, doing so may limit the functionalities of some parts of the website.

7.4. Furthermore, you can prevent Cookies from collecting data regarding your usage of this website (including your IP-address) as well as the processing of this data by Google by installing the Google Analytics Opt-Out Browser Add-on, which is downloadable here: https://tools.google.com/dlpage/gaoptout.

The add-on is compatible with Chrome, Internet Explorer 11, Safari, Firefox, and Opera. In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled. You can read more about the opt-out browser add-on here: https://support.google.com/analytics/answer/181881?hl=en.

We would like to point out to you that in this case it is possible that you will not be able to use all functions of our websites in full.

7.5. Alternatively to browser Plug-ins or within browsers on mobile devices, an Opt-Out-Cookie can also be set to block the collection of data by Google Analytics on this website during future visits (the Opt-Out will only be valid for this domain and this browser). When the Cookies are deleted in this browser, the Opt-Out has to be set up again.

More information on data protection can be found in the Data Privacy and Security by Google Analytics and the Privacy Policy by Google.
Click here to opt-out.

  8. Establishing contact

8.1. When establishing contact with us (by contact form or email) the user information is processed in order to deal with the contact request and its handling in accordance with Art. 6 (1) b of the EU GDPR.

8.2. Your information from our enquiry forms, including the contact details provided by you, shall be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

  9. Registration and use of our online services

9.1. We process user data (e.g. names, contact details, age, nationality, country of residence, and profession), for the purpose of the fulfilment of our contractual obligations and services in accordance with Art. 6 (1) b of the EU GDPR.

9.2. Users have the option of setting up a user account on the DOX BOX Community Portal. This is necessary in order to enjoy the services and benefits offered on our Community Portal like the Docupedia, Film Library, contacting other Community users, contributing to the content, among many others. As part of the registration process, the required mandatory information of users shall be communicated. User accounts are not public and cannot be indexed by search engines. Accordingly, personal user data is not publicly accessible outside the closed members-only Community Platform.

9.3. We require personal data for the following purposes:

  • Granting access to the Community portal including all services and benefits offered there
  • Processing applications for our support schemes like the Residency, the E-Course and others
  • Collecting statistical data

9.4. If you are registered on our Community Portal, you can access content and services which we exclusively offer to registered users. Users of the Community portal furthermore have the opportunity to present themselves by sharing their professional biography or other personal data in their profiles, which will only be visible to other registered users on the exclusive membership platform. This information can be changed and deleted by the users at any time. However, mandatory data provided at registration (see 9.1.) cannot be changed or deleted. In order to contact us in this regard, please use the contact details provided at the end of this Data Policy.

9.5. If for any reason you should be required to provide the personal data of third parties, you need to ensure in advance that you have the consent of the affected person(s) to provide this data to us.

9.6. The user data shall be treated confidentially by us and stored on secure servers. Personal data, which you submit to us via forms (e.g. contact or application forms), will be automatically forwarded and processed to us via email. It is then stored on our email server.

9.7. As part of the registration and repeated logins and the use of our online services, we store the IP address and the time of the respective user action. The storage takes place to protect our services against abuse and other unauthorised use. Distribution of this data to third parties does not take place as a matter of principle, unless it is required to pursue our claims or a legal obligation for this exists in accordance with Art. 6 (1) c of the GDPR.

9.8. Contributing to our closed members-only Community Portal is possible only for registered and verified users and only visible for other registered users. Within this framework, the contributors’ full names as entered at the time of registration will always be visible to other signed-in users as long as the content is shared on the Portal.

9.9. Unless otherwise agreed, the consent for the storage of the data applies until the expiry of the validity of this guideline. Users of our website shall be automatically once again asked to give their consent following expiry of this period or in the event of changes to this guideline.

9.10. If users have terminated their user account, their account data shall be deleted immediately unless a further storage is required for legal requirements (Art. 6 (1) c EU GDPR) or for the fulfillment of our legitimate interests (Art. 6 (1) f EU GDPR). It is the responsibility of the users to back-up their data in the event of termination. We are entitled to irretrievably delete all data of the user stored during the term of the agreement.

  10. Integration of Script libraries like Google Webfonts and Adobe Typekit

10.1. In order to show our content correctly in all browsers and in a graphically appealing manner, we use script libraries and font libraries such as Google Webfonts (https://www.google.com/webfonts/) and Adobe Typekit (https://typekit.com/) on some of our websites. These script libraries are transferred into the cache of your browser to avoid multiple loading. If the browser does not support Google Webfonts and/or Adobe Typekit, or prevents access, content is shown in a standard font. The retrieval of script libraries or font libraries automatically produces a connection to the library operator.

10.2. You can find the data protection guideline of the script library operator Google here: https://www.google.com/policies/privacy/; Opt-out: https://www.google.com/settings/ads/.

10.3. You can find the data protection guideline of the script library operator Adobe here: https://www.adobe.com/be_en/privacy/policy.html; privacy choices and opt-out: https://www.adobe.com/be_en/privacy/opt-out.html.

  11. Integration of Google Maps

11.1. Some of our websites use maps from the service “Google Maps” of the third party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in order to present geographical information visually (e.g. an overview of the location of the Documentary Convention). When using Google Maps, data about the use of the map functions by visitors is also collected, processed and used by Google. You can find further information about the data processing by Google in the Google data protection notice. You can also change your personal data protection settings in the data protection centre. Data Policy: https://www.google.com/policies/privacy/; Opt-out: https://www.google.com/settings/ads/

  12. Embedded YouTube videos

12.1. On some of our websites we embed YouTube videos. The operator of the corresponding plug-in is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a website with the YouTube plug-in, a connection to the YouTube servers is established. In the process YouTube is notified about which sites you visit. If you are logged into your YouTube account, YouTube can personally identify your surfing behaviour. You can prevent this by logging out of your YouTube account in advance.

12.2. If a YouTube video is launched, the provider uses cookies which collect information about user behaviour. Anyone who has deactivated the storage of cookies for the Google Ad Program will not have to anticipate any of these types of cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in your browser. You can find further information about the use of user data in the Data Policy of YouTube at: https://www.google.de/intl/de/policies/privacy/

  13. Embedded Vimeo videos

13.1. On some of our websites we embed Vimeo videos. Vimeo is operated by Vimeo, LLC with headquarters in 555 West 18th Street, New York, New York 10011, USA. When you visit a website with a Vimeo plug-in, a connection to the Vimeo server is established and the plug-in is displayed. Through this, the Vimeo server receives information about which of our websites you have visited. If you are logged in as a member of Vimeo, Vimeo links this information to your personal user account. When using the plug-in, for example by clicking the start button of a video, this information is also linked to your user account. You can prevent this information from being linked by signing out of your Vimeo user account before using our website and deleting the corresponding Vimeo cookies. You can find more information about the data processing and data protection of Vimeo at: https://vimeo.com/privacy.

  14. User rights

14.1. Users have, at any time, the right to request information free of charge about the personal data we store about them.

14.2. In addition, the users have the right to correct incorrect data, restrict data processing, and delete their personal data.

14.3. Users can also revoke consent, always with implications for the future.

14.4. If you would like information about your personal data, data correction, or deletion, please contact our Data Protection Officer at

DOX BOX e.V., Turmstr. 70, D-10551 Berlin, Germany, Telephone: +49 30 40751383, Email: dataprotection@dox-box.org

  15. Right of objection

15.1. Users can object to the future processing of their personal data in accordance with legal requirements at any time. The objection can be pronounced in particular against the processing for purposes of direct advertising.

  16. Changes to the Data Policy

16.1. We reserve the right to change the Data Policy in order to adapt it to altered legal situations, or in the event of changes to the services we provide as well as to data processing itself. However, this only applies with regard to declarations about data processing. If user consent is required or integral parts of the Data Policy contain provisions of the contractual relationship with the users, the changes take place only with user consent.

16.2. DOX BOX asks all users to regularly familiarise themselves with the contents of this Data Policy.