Notice on the handling in accordance with data protection law of personal data of attendees, partners, speakers and contractors of FMX


FMX - Film & Media Exchange is an event that is held every year by Filmakademie Baden-Württemberg GmbH. The following details are to inform attendees and speakers attending the conference as well as the partners, suppliers and service providers of FMX about the collection, processing and erasure of their personal data.

We take the protection of your personal data very seriously and we comply strictly with the provisions of data protection legislation. Personal data shall only be collected to the necessary extent. Under no circumstances shall the collected data be sold.

We shall process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (FDPA) and all other applicable laws.

You have no statutory or contractual obligation to provide us with any personal data. However, we may not be able to provide you with our services if you decide not to do so.


1. Controller’s contact details

The controller within the meaning of the General Data Protection Regulation is:


Company: Filmakademie Baden-Württemberg GmbH
Address: Akademiehof 10
Postcode/Town: 71638 Ludwigsburg
Tel: +49 7141 969-82102


The following person has been appointed as data protection officer:
Mr. Stephan Hartinger
Coseco GmbH
Telephone: +49 8232 80988-70


2. Which sources are used to collect personal data?

We process personal data that we have received from you for staging FMX, for implementing contracts (with visitors, speakers, partners and contractors), in connection with ticket orders placed via doo (see also below), or on the basis of consent you have given.


On the other hand, we process personal data that we have legitimately obtained and may process from publicly accessible sources (e.g. authorities, trade and association, registers, press, media, internet).


Personal data means all data from which you may be identifiable. Personal data relevant to us may be: Title, surname, first name, address (street, postcode, city, country), date of birth, place of birth, nationality, contact data (in particular telephone numbers, email addresses), profession or training, tax ID, bank details, employer’s business name and address, sound and image data, film data.

3. What is your data processed for (purposes) and on what legal basis?

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (Articles 9 to 13 GDPR), the German Federal Data Protection Act (BDSG) applicable provisions of data protection laws and all other applicable laws.


  • First and foremost, the purpose of the data processing is to prepare for and actually hold FMX so that you will be able to attend, or in order for you to cooperate in connection with the event.
  • We also process your data in order to fulfil our legal obligations as your contractual partner.
  • Where necessary, we also process your data to protect our legitimate interests or those of third parties (e.g. authorities). For press reporting about FMX and for promoting FMX, Filmakademie Baden-Württemberg or third parties it has specifically commissioned or otherwise authorized (e.g. broadcasters, the press) may each make their own separate visual and audiovisual recordings, which can contain images of a speaker or other attendees as a visitor to the event. These audiovisual recordings can be processed, exploited and communicated to the public by Filmakademie Baden-Württemberg as well as by third parties which the latter has commissioned or otherwise authorized.
  • Verification whether you are eligible for a ticket discount by means of certificates such as Student ID or training contract.
  • In addition, the processing of special categories of personal data may be based on consent (e.g. hospitality management).


We will notify you in advance if we wish to process your personal data for a purpose not mentioned above.

The lawfulness of the processing of personal data is governed by Article 6 of the General Data Protection Regulation (GDPR). This regulation makes provision for the following possibilities: processing on the basis of consent (GDPR Art. 6(1)(a)); processing for performance of a contract (GDPR Art. 6(1)(b)); processing for compliance with a legal obligation (GDPR Art. 6(1)(c)); and processing for the purposes of legitimate interests (GDPR Art. 6(1)(f)).

4. Transfer of data to third parties

Within Filmakademie Baden-Württemberg GmbH, your personal data is only transmitted to the persons and positions (e.g. departments, works council, representatives of severely disabled employees) that require it to fulfil our contractual and statutory obligations.

In addition, we may transfer your personal data to other recipients outside the company if this is necessary to fulfil contractual and legal obligations. These could be, for instance:


  • Parties providing goods and services for FMX (e.g. in connection with event engineering, ticketing and access control systems, travel arrangements incl. hotel reservations and shuttle services for speakers)
  • In particular, the online platform as part of the FMX website, on which the online section of FMX is conducted (see also below). Other participants of FMX may see your personal data within the framework of the event platform.
  • Public authorities (e.g. state pension insurance institutions and other pension schemes, social insurance institutions, tax authorities, courts)
  • Banks (SEPA payment medium)

We transfer data to third parties if we need to do so in order to fulfil a contractual obligation or safeguard legitimate interests.

We transfer data to third parties insofar as you have given the necessary consent either to us or to the third party concerned.

Speakers’ names and contact details are disclosed to FMX’s members of staff and curators for the purposes of selecting program items, providing support and assistance on location, and arranging press and video interviews where the necessary consent has been given.

5. Transfer of data to third countries

We will notify you in advance (e.g. in this Transparency Information) if we transfer your personal data to so-called third countries outside the EU/EEA area.

6. Data storage period/Deletion periods

We will process and store your personal data as long as this is necessary for the fulfilment of our contractual obligations as well as for all other purposes mentioned under point 3 or as provided in the retention periods stipulated by law.


Normally, when data is no longer required for the fulfilment of contractual or legal obligations, it shall be blocked against further processing or erased in accordance with legal regulations.

7. Data subject’s data protection rights (Articles 15 to 21 GDPR)

You can use the above-mentioned address to request information (Article 15 GDPR) about the data stored about you. Furthermore, you have the right to obtain the data you have provided in a structured, commonly-used and machine-readable format. You may also, under certain conditions, request the rectification (Article 16 GDPR) or erasure (Article 17 GDPR) of your data. You also have the right to restrict the processing (Article 18 GDPR) of your data, as well as the right to data portability (Article 20 GDPR).

You have the right, on grounds relating to your particular situation, to object at any time to the processing of data concerning your person that is done on the basis of Article 6(1)(f) GDPR (data processing for the purposes of legitimate interests).

If you file an objection, your personal data will no longer be processed unless proof is furnished of compelling legitimate grounds for processing it that override your own interests, rights and freedoms, or unless the data is processed for establishing, exercising or defending legal claims.

You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons (Article 21 GDPR). This also applies for profiling to the extent that it is connected with such direct marketing. If you object to your data being processed for direct marketing purposes, then we will no longer process your personal data for these purposes. An objection can be filed without observing any particular form. Our contact details are provided in Item 1 above.

If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. In the event of an objection, we shall no longer process personal data unless we can prove compelling reasons worthy of protection for the processing that prevail over your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

Right to revoke consent under data protection law (Article (7)(3) GDPR). You can revoke your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent given to us prior to the EU General Data Protection Regulation’s entry into force.

8. Statutory or contractual provisions concerning the provision of personal data and the possible consequences of non-provision

Please note that in specific cases (e.g. tax regulations) the provision of personal data is prescribed by law or may result from contractual regulations (e.g. information concerning the contractual partner(s)).


Where can you lodge a complaint?

You have the right to lodge a complaint with the data protection officer mentioned above or to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 of the FDPA). The data protection supervisory authority with jurisdiction for us is:


The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstraße 10a
70173 Stuttgart


You can contact us at any time by email ( if you have any questions about your personal data.

9. Existence of automated decision-making

We do not use any automated decision making processes that may have legal effects on you or affect you.

10. Further Internet specific processing

doo GmbH

The FMX ticket shop is operated by doo GmbH, Hultschiner Straße 8, 81677 München („doo“).

To order a ticket for FMX, you must submit the following data to doo GmbH:


  • Title
  • Name and surname
  • Email address
  • Company or school affiliation
  • Job title
  • Address (Billing address)
  • Buyer VAT ID / TAX ID
  • Country
  • If applicable, certificate proving of your discount eligibility.

As an event organizer, we receive the data listed above about you. We use the data to be able to offer you the event.

The processing for this purpose is based on Art. 6 para. 1 lit. b) GDPR.

In this context, the doo GmbH privacy policy also applies. It is available at

FMX online platform

The online section of FMX is conducted on an online platform as part of the FMX website.

To participate in the online platform of FMX, the following information at a minimum is required from you and processed:


  • Name and surname
  • Email address
  • IP address and device/hardware information.


If you are a Speaker, the following data may also be processed:


  • Job title
  • Your employer
  • Biography
  • Profile picture

Other Participants of FMX may also see the personal data listed above within the framework of the event platform, e.g. under the “Speaker”, or "Companies", or "Partners" tabs on the event platform and the FMX website. Further personal data can be processed if you voluntarily provide it, e.g. by editing your profile.

The processing for this purpose is based on Art. 6 para. 1 lit. b) GDPR. If no contractual relationship exists, the legal basis is Art. 6 Sect. 1 lit. f) GDPR.


Within the framework of FMX we also use Zoom to conduct telephone conferences, online meetings, video conferences and/or webinars. Zoom is a service provided by Zoom Video Communications, Inc., which is based in the USA (“Zoom”). As far as you access the website of Zoom, Zoom is responsible for the data processing.

Various types of data are processed when using Zoom. In this context, the scope of the data also depends on the information on data you provide before or when participating in a ZOOM meeting. The following information at a minimum is required from you and processed:


  • To participate in an online meeting or to enter the “meeting room”, you must at a minimum provide your name.
  • Zoom then only processes your IP address and device/hardware information as well as your approximate location (e.g. nearest town or municipality).

In addition, the following data may be processed:


  • Meeting metadata: Topic, description with presentation or speaker details provided by the speaker (optional)
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the chat.
  • For dial-in with the telephone: information on the incoming and outgoing call number, country, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
  • Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your device and from any video camera of the device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom settings.


Other Participants of the Zoom meeting may also see your personal data you have provided to Zoom.

If we want to record online meetings, we will inform you in advance in a transparent manner and - if necessary - ask for your consent.

We have concluded a Data Processing Agreement with Zoom that meets the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU Standard Contractual Clauses (SCC). As a supplementary protective measure, we have also configured our Zoom in a way that only data centers in the EU are used to conduct ZOOM meetings. Therefore, a transfer of personal data to a third country does not take place. Furthermore, all connections are subject to end-to-end encryption.

The legal basis for data processing when conducting online meetings is Art. 6 Sect. 1 lit. b) GDPR. If no contractual relationship exists, the legal basis is Art. 6 Sect. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of online meetings.

In this context, Zoom’s privacy policy also applies. It is available at