Privacy Policy

    Last updated: March 2026

    Data Protection – In Brief

    Here we explain what data we collect, what we do with it, and what options you have. Transparency is important to us – if you have questions, just get in touch!

    Who is Responsible?

    genesisfilms GmbH

    Puchsbaumgasse 1/8/1

    1100 Wien, Österreich

    E-Mail: info@genesisfilms.at

    Tel: +43 660 4954189

    What Do We Store Automatically?

    When you visit our website, our server automatically stores some technical info:

    • The URL of the page you visit
    • Your browser and operating system
    • Where you came from (referrer URL)
    • Your IP address
    • Date and time

    We automatically delete this data after two weeks. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in the secure operation of the website).

    Contact Form

    When you send us a message via our contact form, we process the following data:

    • Name
    • Email address
    • Company (optional)
    • Project description
    • Timeline (optional)

    We use this data exclusively to process your inquiry. The legal basis is Art. 6 (1) (b) GDPR (contract initiation) and Art. 6 (1) (f) GDPR (legitimate interest in responding to inquiries). Your inquiry is stored for 2 years and then deleted.

    Project Inquiry Form

    When you use our extended project inquiry form, the following data is collected in addition to the contact form data:

    • Type of project (e.g., commercial, music video)
    • Budget range
    • Desired timeline
    • Phone number (optional)
    • Project-specific questions and answers

    The legal basis is Art. 6 (1) (b) GDPR (contract initiation). This data is stored for 2 years.

    Customer Portal

    We offer a password-protected customer portal for our clients. There, videos can be reviewed, offers viewed, and approvals granted. We process the following data:

    • Name of the logged-in user
    • Review comments and timestamps
    • Approval status and name of the approving person
    • Session data in the browser (sessionStorage)

    The legal basis is Art. 6 (1) (b) GDPR (contract performance). Session data is stored only in the browser and deleted upon logout or when the browser is closed.

    Video Sharing with Third Parties

    Through the customer portal, videos can be shared with colleagues via email. The following data is processed:

    • Recipient's email address
    • Name of the sharing person
    • Access token (one-time direct link)

    This data is stored to enable and track access. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in collaboration with the client). The email is sent via our email service provider Resend.

    Digital Offer Acceptance

    When digitally accepting an offer through our customer portal, we additionally collect the following data to document the declaration of intent:

    • Name of the signing person
    • Timestamp of acceptance
    • IP address
    • Browser identifier (User Agent)

    The legal basis is Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interest in documenting contract conclusions). This data is stored for the duration of the statutory retention periods (7 years).

    Job Applications & CVs

    When you apply to us, we store your application documents (name, email, phone, CV, message) for the duration of the application process.

    Retention period: Your application data and uploaded documents (CVs) are automatically deleted after 6 months, unless you are hired or you consent to longer storage.

    Uploaded files are stored in a protected cloud storage and are only accessible to authorized staff. The legal basis is Art. 6 (1) (b) GDPR (implementation of pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest in processing applications).

    Third-Party Services

    We use the following external services on our website:

    Vimeo

    We embed videos from Vimeo (Vimeo, Inc., 555 West 18th Street, New York, NY 10011, USA). When playing a video, a connection to Vimeo servers is established and your IP address is transmitted. We use the 'Do Not Track' option to minimize tracking.

    Legal basis: Art. 6 (1) (f) GDPR (legitimate interest). Vimeo Privacy Policy

    Mapbox

    For displaying maps on our contact page, we use Mapbox (Mapbox, Inc., 740 15th Street NW, 5th Floor, Washington, DC 20005, USA). When loading the map, your IP address is transmitted to Mapbox.

    Legal basis: Art. 6 (1) (f) GDPR (legitimate interest). Mapbox Privacy Policy

    Google Places API

    For address input, we use the Google Places API (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When using it, search queries and IP address are transmitted to Google.

    Legal basis: Art. 6 (1) (f) GDPR (legitimate interest). Google Privacy Policy

    Resend

    For sending transactional emails (e.g., confirmations, portal invitations, notifications), we use Resend (Resend, Inc., San Francisco, CA, USA). Email addresses and message content are transmitted to Resend.

    Legal basis: Art. 6 (1) (b) GDPR (contract performance) or Art. 6 (1) (f) GDPR (legitimate interest). Resend Privacy Policy

    Hosting & Backend

    Our website and database are hosted by Supabase (Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992). Supabase processes data on our behalf according to Art. 28 GDPR. Servers are located in the EU (Frankfurt, Germany). Uploaded files (e.g., CVs) are also stored in the EU region.

    Legal basis: Art. 6 (1) (f) GDPR (legitimate interest). Supabase Privacy Policy

    Data Transfers to Third Countries

    Some of our service providers are based in the USA (Vimeo, Mapbox, Google, Resend). The transfer is based on:

    • EU-US Data Privacy Framework (EU Commission adequacy decision)
    • Standard Contractual Clauses according to Art. 46 (2) (c) GDPR

    We ensure that appropriate safeguards are in place for every data transfer.

    Retention Periods – Summary

    Data TypeRetention Period
    Server log data2 weeks
    Contact/project inquiries2 years
    Applications & CVs6 months
    Offer acceptance data7 years (statutory retention)
    Customer portal sessionBrowser session
    Review commentsProject duration + 1 year

    Your Rights

    According to GDPR, you have the following rights:

    • Access to your stored data (Art. 15 GDPR)
    • Correction if something's wrong (Art. 16 GDPR)
    • Deletion of your data (Art. 17 GDPR)
    • Restriction of processing (Art. 18 GDPR)
    • Data portability (Art. 20 GDPR)
    • Object to processing (Art. 21 GDPR)

    If you think we're doing something wrong, you can complain to the data protection authority: www.dsb.gv.at

    Encryption

    Our website uses HTTPS – that means your data is transmitted encrypted. Better safe than sorry!

    Cookies

    We only use technically necessary and functional cookies. We do not use tracking or marketing cookies.

    More about this in our Cookie Policy.

    Social Media

    On our website you'll also find social media elements. When you visit these pages, data may be transferred to the respective services.

    Questions?

    Just write to us: info@genesisfilms.at