DE EN
DE EN

Privacy Policy

We process personal data only as needed to provide you with a functional website. This policy describes what data is collected, who processes it, and what rights you have.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

bce films & more GmbH
Bettina Ehrhardt
Occamstrasse 6
80802 Munich
Germany

Phone: +49 173 200 33 66
Email: bce@bcefilms.com

Further details can be found in the Legal Notice.

2. Your rights

At any time, you have the right to:

  • Access to your stored data (Art. 15 GDPR)
  • Rectification of incorrect data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time, with effect for the future (Art. 7 (3) GDPR)

To exercise these rights, an informal email to bce@bcefilms.com is sufficient.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

3. Hosting and server log files

This website is hosted by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. The servers are located in the European Union. We have concluded a data processing agreement with Hetzner pursuant to Art. 28 GDPR.

Each time the website is accessed, the server automatically records the following technical data in so-called server log files:

  • IP address (truncated or deleted after a short period)
  • Date and time of access
  • Page or file requested
  • Volume of data transferred
  • HTTP status code
  • Browser type and version, operating system
  • Referrer URL (previously visited page)

This data is used solely for technical operation, security and error analysis. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in the secure and stable operation of the website). The data is not merged with other data sources and is not analysed on a personal level.

4. Cookies

This website does not set cookies of its own. No tracking or advertising cookies are used. The only possible exception: embedded third-party content (e.g. Vimeo videos) may set its own cookies when played — details below in the relevant sections.

5. Contact form

If you contact us via the contact form or by email, we process the data you provide (name, email address, message) solely to handle your enquiry. The legal basis is Art. 6 (1) lit. b GDPR (pre-contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in responding to enquiries).

Form submissions are technically processed by the service provider Web3Forms (operated by Web3Forms, Inc., USA). Web3Forms forwards your message to our email address without storing it. Your IP address and the form data are briefly processed during this transmission.

Because Web3Forms is operated in the USA, data is transferred to a third country. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF) and, where applicable, supplementary Standard Contractual Clauses pursuant to Art. 46 GDPR.

Provider's privacy notice: https://web3forms.com/privacy-policy

Your enquiry will be deleted once it has been fully processed, provided no statutory retention obligations apply.

6. Audience analytics with Umami

We use Umami, a privacy-friendly analytics tool, to evaluate the use of our website. The provider is Umami Software, Inc., 2261 Market Street #4509, San Francisco, CA 94114, USA.

Umami works entirely without cookies and without collecting personal data. No IP addresses are stored, no device IDs are assigned, and no profiles are created. Recognition of individual visitors is not possible.

Only aggregated, anonymous data is collected — such as page views, country of origin (country level), browser type and screen resolution. This data is used solely to improve the content and structure of the website.

We use Umami's hosted cloud service (free tier). Data is processed on the provider's servers in the United States. The terms governing data processing on our behalf follow from the provider's published contractual terms (see https://umami.is/dpa).

Processing in the United States constitutes a data transfer to a third country. Umami Software, Inc. provides appropriate safeguards pursuant to Art. 46 GDPR; to the extent that the company is certified under the EU-US Data Privacy Framework (DPF), the transfer additionally takes place on that basis. Further details can be found in the provider's privacy policy.

The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in privacy-friendly, anonymous audience measurement). Since no personal data is collected, consent is not required.

Further information: https://umami.is/privacy

7. Embedded videos (Vimeo)

On individual pages of this website, we embed videos from the Vimeo platform. The provider is Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.

We use Vimeo in its "Do Not Track" mode. According to Vimeo, in this mode it does not use tracking cookies and does not analyse your user behaviour for advertising purposes. However, a connection to Vimeo's servers is still established as soon as you visit a page with an embedded video — this is technically necessary in order to display the video.

The following data is transmitted to Vimeo at a minimum:

  • Your IP address
  • Date and time of access
  • The page on our site that was accessed
  • Technical information about your browser and operating system

If you are logged in to Vimeo at the same time, Vimeo may assign this information to your user account. You can prevent this by logging out of Vimeo before visiting our website.

Because Vimeo is operated in the USA, data is transferred to a third country. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF) and, where applicable, supplementary Standard Contractual Clauses pursuant to Art. 46 GDPR.

The legal basis for embedding is Art. 6 (1) lit. f GDPR (legitimate interest in presenting our film work in an appealing way).

Vimeo's privacy policy: https://vimeo.com/privacy

8. Embedded videos (YouTube)

On individual pages of this website, we embed videos from the YouTube platform. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We embed YouTube exclusively via the youtube-nocookie.com domain in the so-called "privacy-enhanced mode". According to YouTube, no cookies are set in this mode as long as you do not start the video. However, a connection to Google's servers is still established as soon as you visit a page with an embedded video — this is technically necessary to load the preview image and the player.

The following data is transmitted to Google at a minimum:

  • Your IP address
  • Date and time of access
  • The page on our site that was accessed
  • Technical information about your browser and operating system

As soon as you start a video, YouTube sets additional cookies and transmits further usage data to Google. If you are logged in to Google at the same time, Google may assign this information to your user account. You can prevent this by logging out of Google before visiting our website.

Because Google also transfers data to the USA, data is transferred to a third country. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF) and, where applicable, supplementary Standard Contractual Clauses pursuant to Art. 46 GDPR.

The legal basis for embedding is Art. 6 (1) lit. f GDPR (legitimate interest in presenting our film work in an appealing way).

Google's privacy policy: https://policies.google.com/privacy

9. Links to social networks

Our website contains links to our profiles on Instagram, Facebook, YouTube and Substack. These links are implemented as plain hyperlinks or icons — there is no direct embedding of these services. Only when you click on one of these links are you redirected to the provider's site and data is transmitted to the provider.

For the data processing that takes place on the platforms themselves, the respective providers alone are responsible:

  • Instagram & Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland — Privacy Policy
  • YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland — Privacy Policy
  • Substack: Substack Inc., San Francisco, USA — Privacy Policy

10. Fonts

This website uses the typeface Nunito Sans. This font is served locally from our own server. No connection is made to external font services (such as Google Fonts). No data is transmitted to third parties in this context when you visit our site.

11. Data security

Your data is transmitted encrypted via HTTPS (TLS). We take technical and organisational measures to protect your data against loss, manipulation and unauthorised access. Our security measures are continuously updated in line with technical developments.

12. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy should legal requirements or the services used on the website change. The current version is always available on this page.

Last updated: May 2026