Privacy Policy

Last updated: March 2025

1. Introduction and Data Controller

Welcome to NollyFrame ("we," "our," or "us"). NollyFrame is an online platform dedicated to promoting African cinema by spotlighting powerful moments from African films — entertaining, educating, and sparking meaningful conversations about African stories and culture.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit thenollyframe.com. It applies to all visitors and users of the website.

The data controller responsible for your data is NollyFrame. If you have any questions or concerns about this policy or how we handle your data, you can contact us at: nollyframe@gmail.com

This website is operated under the laws of the Federal Republic of Germany and we comply with the General Data Protection Regulation (GDPR) and applicable German data protection law (Bundesdatenschutzgesetz — BDSG).

2. Data We Collect

NollyFrame does not require you to create an account or register to browse the website. We collect limited data automatically when you visit:

  • Server log data — Your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit. This data is stored in server logs for up to 90 days for security and operational purposes.
  • Usage patterns — Aggregate, anonymised data about how visitors interact with the site (e.g. which pages are most visited), collected via our analytics service (see §4).
  • Cookie data — Cookies placed on your device, subject to your consent (see our Cookie Policy and the consent banner).

We do not collect names, email addresses, or any other identifying information from general website visitors. The only accounts that exist on NollyFrame are internal admin/editor accounts used by our team to manage content.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • To operate, maintain, and improve the NollyFrame website and its content.
  • To monitor and ensure the security and technical performance of our servers.
  • To understand how visitors use the site so we can improve the experience (via anonymised analytics).
  • To serve advertising through Google AdSense, subject to your cookie consent.
  • To comply with legal obligations.

4. Analytics — Umami

We use Umami Analytics, a privacy-focused, open-source analytics tool, hosted on our own server at analytics.thenollyframe.com. Umami does not use cookies, does not track users across websites, does not collect personal data, and does not sell or share data with third parties. It provides anonymised, aggregated statistics only (e.g. page views, referrers, device types).

Because Umami collects no personal data, it does not require cookie consent under GDPR.

5. Advertising — Google AdSense

NollyFrame uses Google AdSense to display advertisements. Google AdSense is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google AdSense may use cookies and similar tracking technologies to serve personalised advertisements based on your prior visits to this website and other websites. These cookies allow Google and its partners to serve ads based on your interests and browsing history.

Google AdSense cookies are only placed on your device if you have given your consent via our cookie consent banner. You can opt out of personalised advertising at any time by visiting:

For more information about how Google uses data from sites that use its services, please see: How Google uses data when you use our partners' sites or apps.

6. Embedded Content — YouTube

NollyFrame embeds videos from YouTube (operated by Google LLC) to showcase film clips. When you interact with an embedded YouTube video, YouTube may place cookies on your device and collect data about your interaction, subject to Google's Privacy Policy. We have no control over the data collected by YouTube via embedded players.

7. Legal Basis for Processing (GDPR Art. 6)

Where GDPR applies, we process your data on the following legal bases:

  • Legitimate interests (Art. 6(1)(f)) — Server log data for security, fraud prevention, and ensuring the technical operation of our infrastructure.
  • Consent (Art. 6(1)(a)) — Advertising cookies (Google AdSense) and any analytics cookies requiring consent are only placed after you give explicit consent via our cookie consent banner. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — Where required by applicable German or EU law.

8. Your Rights Under GDPR

If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — You may request correction of inaccurate data.
  • Right to erasure (Art. 17) — You may request deletion of your personal data where no overriding legitimate interest exists.
  • Right to restriction (Art. 18) — You may request that we restrict processing of your data.
  • Right to data portability (Art. 20) — You may request your data in a structured, machine-readable format.
  • Right to object (Art. 21) — You may object to processing based on legitimate interests.
  • Right to withdraw consent — You may withdraw consent for cookie-based processing at any time by clearing your browser cookies or adjusting your preferences.
  • Right to lodge a complaint — You have the right to lodge a complaint with the German supervisory authority: the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).

To exercise any of these rights, please contact us at nollyframe@gmail.com.

9. Data Retention

Server log data is retained for a maximum of 90 days, after which it is automatically deleted. Cookie consent preferences are stored locally in your browser's localStorage and remain until you clear your browser data.

We do not maintain a database of visitor personal data beyond what is described in this policy.

10. International Data Transfers

Some of our third-party service providers, including Google LLC (Google AdSense, YouTube), are based in the United States. Data transfers to the US are carried out under appropriate safeguards, including the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as approved by the European Commission.

11. Children's Privacy

NollyFrame is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of the page. We encourage you to review this policy periodically to stay informed about how we protect your data.

13. Contact

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us at:

nollyframe@gmail.com