Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
I. Information about us as controllers of your data
II. The rights of users and data subjects
III. Information about the data processing
We have an online presence on Twitter. In this case Twitter is a third party in control of the data processing. Please refer to the corresponding section named "Twitter" below in part III.
In case you contact us by email or by phone, please especially review the corresponding sections named "Communication by Email" and "Communication by Phone" below in part III.
The party responsible for this website (the "controller") for purposes of data protection law is:
Telephone (mobile): +491757233481
You can find the legal notice here: Legal Notice
With regard to the data processing to be described in more detail below, users and data subjects have the right
In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.
Under Art. 21 GDPR, you have the right to object to the controller's future processing of your data pursuant to Art. 6 Para. 1 lit. e) or f) GDPR without giving any explanation. In particular, an objection to data processing for the purpose of direct advertising, profiling or automatic decision making is permissible.
If you want to object or revoke your consent to the processing of your data, just contact the controller by for example sending an email to email@example.com. Please note that any processing of your data which already happened before your objection or revocation is unaffected and still lawful. Only future processing will be affected by your objection or revocation.
Your data being processed by us will be deleted in accordance with the legal requirements as soon as it is no longer permitted for us to process it. This for example would be the case, when there is no longer any purpose or requirement for such data processing or the legal basis for such processing no longer exists. In case the legal basis was for example your consent for processing such data and you revoke your consent, then we would delete and stop processing this data.
If your data cannot be deleted, because it is required for other legally permissible purposes, the processing is restricted to these purposes and blocked from being processed for any other purposes. This could apply for example for data that must be kept for the assertion, exercise or defense of legal claims. Further information about the deletion policies of your data in each case will also be stipulated in the following sections below.
We will only transmit your data to third parties with your consent or in case we are required by law to do so. Should the law permits us to transmit your data to third parties to defend us against legal claims, we will do so if such transmission is necessary to effectively defend us. We will never sell your personal data to third parties.
For the provision of our online presence we use an internet service provider (hoster), on whose server the website is stored and who makes our site available on the Internet (hosting). The data being processed in the provision of the hosting will include all information of users, which are part of accessing and using the website. This includes the IP address necessary to access and deliver the content to browsers, and all entered data made by users within our web pages. The hosting services also include the service of sending, receiving and storing of emails. So data in regard to such emails is also being processed by our hoster (see section "Communication by Email"). The internet service provider (hoster) processes all such data on our behalf according to Art. 28 GDPR. The name and the address of the internet service provider is: webgo GmbH, Wandsbeker Zollstr. 95, 22041 Hamburg, Germany. Please refer to the following sections for further details in regard to the data processing.
For technical reasons, the following described data is sent by your internet browser to our hoster and will be collected there in log files. These server log files record the type and version of your browser and operating system, the internet service provider from which the website is accessed from, the website from which you came (referrer URL), the webpages you visited on our site, the date and time of your visit, the HTTP response status code, the amount of data transferred, as well as the IP address from which you visited our site.
The data thus collected will be temporarily stored, but not in association with any other of your data. The data will be deleted or anonymized within no more than 7 days. Only anonymized data is used after such time for statistical analysis.
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, availability, functionality, and security of our website.
The hoster also provides us with an email service, which allows the sending, receiving and storing of emails. For the provision of this email service, the email addresses of the recipients and senders as well as other information regarding the email delivery (meta information like for example the participating providers) as well as the contents of the respective emails are being processed.
The email service we use from our hoster supports the encryption of emails on the transport route using SSL/TLS, but on the route between you and our server, we cannot guarantee that other participating partners (servers, routers) in the email delivery will use or keep such encryption. Especially, the emails will be unencrypted while they are stored on such servers/routers. So unless a so-called end-to-end encryption method is used, where the content of the email itself is encrypted, we cannot guarantee the security for the transmission of email contents between you and our server.
Should you have the need to use an end-to-end encryption method, you can contact us for information by either using an alternative method of contacting us or by an email which does not inlcude your personal data except your email address.
If you contact us by email, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all. In case your request is in scope of a contract we already have with you or in case a contract results from your request, then the legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR. Otherwise the legal basis for this data processing is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in being able to reply to your request in a fast and efficient way.
Your data, which was collected and processed for this purpose, will be deleted once we have fully answered or otherwise completed your inquiry and there is no further legal obligation to store your data, such as if a contract resulted therefrom. In case we have replied to your email, we will keep your data for (at most) 7 days after we replied, so that we are able to process any further inqueries you have. The hoster additionally keeps a log file for the mail server. This log file contains all aforementioned data in regard to emails which were sent or received. Entries in this log file will be automatically deleted after 4 weeks. The legal basis for this processing is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the stability and availability of our email service.
If you contact us by phone, the data you provide will be used for the purpose of processing your request. This also includes any voice message you may leave for us. We must have this data in order to process and answer your inquiry; otherwise we will not be able to answer it in full or at all.
In case your request is in scope of a contract we already have with you or in case a contract results from your request, then the legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR. Otherwise the legal basis for this data processing is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in being able to reply to your request in a fast and efficient way.
Your data, which was collected and processed for this purpose, will be deleted once we have fully answered or otherwise completed your inquiry and there is no further legal obligation to store your data, such as if a contract resulted therefrom. In case we have replied to your inquiry, we will keep your data for (at most) 7 days after we replied, so that we are able to process any further inqueries you have.
The Play Along feature allows you to submit your own list of movies and join leaderboards each year to compete against other players worldwide. It also allows you and others to view your submitted lists, scores and progress in the Summer Movie Wager over the years. If you do not know what the game of the Summer Movie Wager is or what a list (of movies) for this game is, then please refer to our Help page.
Your username, which consists of max. 10 characters and can only contain letters a-z or A-Z and digits 0-9, can be freely chosen by yourself if you are at least 16 years old. The intended purpose of the username is just for you yourself to be able to access and identify your submitted entry. So you are able to use an anonymous username from which others cannot identify you by. It is recommended by us to do so. If you are not at least 16 years old, you will not be able to choose a username by yourself. Instead a random and thus anonymous username will be assigned to your list. In all such cases where an anonymous username is used, it will not be part of your personal data and thus the following legal information about how we process your personal data will not apply to your anonymous username.
After you submitted your list under your chosen or assigned username, you will be able to create bookmarks (links) using your browser. Notice that such links will include your username. Other users of this website, who do not know your username and who do not have access to your link, will not see yourself to be included on the main page or the "All Time" result page as an additional player. But notice that anyone who has access to your username (for example: by knowing or guessing your username), can view your list and scores. This also means that they themselves can add you as an additional player to their scoreboard, charts and list of players. So in such a case your username, list and scores would also be displayed to these users on this webseite. Every user can create such a pool of players and each user can add every other player by their username alone. Every username in such a pool of players whould be included in bookmarks (links) you would create using your browser.
When submitting your list you will be able to decide, if you want to join a leaderboard with your list this year or not. If you join one of the leaderboards your username, list and scores will be made available for everyone to see on a publicly available listing on this website (the leaderboard). For each game (year) we have separate leaderboards. Notice that every user will also be able to include you in his pool of players using a button at your entry in the leaderboards.
So your username will be publicly displayed on this website to everyone worldwide for the purpose of using the Play Along feature, as we do not restrict access to this website by for example the location of users. Before your submission, we explicitly ask for your consent to display (transfer) your username for the purpose of using the Play Along feature to countries, in which risks exist due to the absence of an adequacy decision (Art. 45 GDPR) and appropriate safeguards (Art. 46 GDPR). The legal basis for displaying (transmitting) your username as such is Art. 49 Para. 1 lit. a) GDPR. As your username is plublicly displayed on this website to everyone worldwide, your username will no longer be exclusively controlled by us and can be processed by others. So the risks we are talking about here, is that others (third parties) in any country of the world can view your username on this website, and they bascially could process your username in any (even unlawfull) way, and we might not be able to stop them from doing that, as some required legal means or data protection laws are not present or adhered to in every country of the world. The data processing we can control is then limited to this website, as others still cannot edit, delete, restrict or block your username on this website. You can use an anonymous username and thus exlcude any risks in that regard. Notice that we do not need to ask for your consent if an anonymous username was assigend to you in case you are under the age of 16, because in such case the randomly generated username is not a personal data.
You may revoke your consent to transmit your username at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is to inform us that you are revoking your consent (for example by sending an email to firstname.lastname@example.org) and we will stop displaying (transmitting) your username by (depending on your request) either anonymizing it or by deleting your submitted entry including your username.
When submitting your list you can also optionally provide us an email address. This email address will not be made available to others. We process your email address, so that we might contact you in case of problems or in case you finish at a high place in the leaderboards to congratulate you. You will not be able to provide us an email address if you are under the age of 16.
The date and time (timestamp) at which you submitted your list will also be processed, so that we can check, if your submission was before the deadline. If your submission is before the deadline, it can be included in the leaderboards. This can be done upon your request even retroactively.
Before you can submit your entry, consisting of your username, list of movies, date and time (timestamp) of your submission and optionally your email address, your consent will be obtained for the processing of this data for the purpose of using the Play Along feature. Thus such processed data also includes the fact, that you gave us the consent as someone who is at least 16 years old. Thus Art. 6 Para. 1 lit. a) GDPR is the legal basis for the processing of this data. Notice that this paragraph does not apply in case you are under the age of 16, as in such case your entry does not include any personal data.
You may revoke your consent to the processing of your personal data at any time under Art. 7 Para. 3 GDPR with future effect. All you have to do is to inform us that you are revoking your consent (for example by sending an email to email@example.com) and this data will be deleted.
Otherwise we plan to keep a complete history of all wagers over the years. So your submitted entries, your scores and your placement in the leaderboards will be kept permanently on this site until we decide to no longer keep all submissions and delete them.
Form all submitted entries we might also create aggregated and anonymized statistics, which for example could be about how often a certain movie was picked in submitted lists or what the total amount of submissions were in any given year.
You have the option to use Google Authenticator to secure a username exclusively for your own use on this site. This feature is completely optional. You do not have to use Google Authenticator at all. Google Authenticator is an application provided by Google. Responsible in terms of data processing for people in the EU/EWR and Swiss is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Otherwise Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is responsible.
Should you use Google Authenticator, then this website will create an image (QR-Code) and a text (key), which can be scanned or manually entered into Google Authenticator. The generated key will then also be stored on this site so that we can authenticate your provided codes generated by Google Authenticator.
We would also like to point out that using Google Authenticator might cause user data to be processed outside the European Union, particularly in the United States.
We maintain an online presence on Twitter. Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94107, USA. For persons outside the United States of America the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland is responsible for the data processing.
We would also like to point out that clicking on links to Twitter or using Twitter might cause user data to be processed outside the European Union, particularly in the United States.
In some places on this website we have links or buttons to our Twitter profile. We are using the Twitter icon for these elements. Such graphics are stored on our own server. This prevents the automatic connection to the servers of Twitter. Only by clicking on the corresponding graphic or link will you be forwarded to the service/network of Twitter.
We take organizational, contractual and technical security measures according to the current state of the art, to ensure that the provisions of the data protection laws are complied with, and that we thus protect the data processed by us against accidental or intentional manipulation, partial or complete loss, destruction or against the unauthorized access by third parties. In particular, the security measures include the encrypted transmission of data between your browser (client) and our server using SSL/TLS.