Introduction
This Privacy Policy for EEA, UK and SWISS RESIDENTS has been adopted by CineCert Inc. (“CineCert,” “we,” “us,” “our”) to apply to our collection and use of information we have received from or about you including in your correspondence with us or while you are engaging with our website located at www.cinecert.com or any other CineCert owned or operated website or mobile application (the “Sites”). For the purposes of EU data protection laws CineCert is the data controller (i.e. the company responsible for, and which controls the processing of your personal information).
This Privacy Policy explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data. This Privacy Policy also sets out your rights in respect of our processing of your personal data.
When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance.
In respect of your personal data, CineCert is the data controller (i.e. the company responsible for, and which determines the purposes and means, of processing your personal data).
Application of this Privacy Policy
This Privacy Policy applies to those in the European Economic Area (“EEA”), United Kingdom (“UK”) and Switzerland:
- who visit or register with the Sites;
- who use the services that we make available from the Sites or who engage with us to buy the products or use the services that CineCert provides, as described on the Site (our “Services”);
- whose personal data we may process as a result of providing the Services to others;
- who contact CineCert either in relation to the Site or the Services;
- who work for our customers and suppliers;
- who visit our physical locations or attend our events; and
- who apply to work with us.
This Privacy Policy also covers all processing of personal data by any of our establishments in the EEA and the UK.
The Information We Collect
We will collect the personal data from you necessary for us to provide you with the Services, to allow you to use and interact with our Sites, and to process your application to perform freelance or other work for us. You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services. You may elect to electronically provide certain personal data such as your name, the company you represent, physical address, and email address, other contact information, account name and password, citizenship information, tax forms, taxpayer identification number, social security number, language skill information and professional information to us through means described on the Sites from time to time. We use such personal data to respond to your inquiries, set up and manage your account with us, assign and manage freelance projects and to assess the suitability of those who apply to work with us. Subject to obtaining your consent where required by applicable data privacy laws, we may also use such personal data to notify you of events that we think may be of interest to you. If you decide at any time that you no longer wish to receive notifications from us, you may withdraw you consent or object to us sending you those communications by referring to the paragraph below captioned “Your rights as a data subject”.
If you contact us by email through the Sites, we may keep a record of your contact information and correspondence. We may use your email address and any information that you provide to us in your message to respond to you. In addition, we may send by email important administrative information regarding either the Sites or Services to users who have provided us with their email addresses. Because this information may be important to your use of the Sites or Services, it is generally not possible to “opt out” of receiving these service email communications. The Sites are not intended for or directed to children under eighteen (18) years of age, and CineCert does not knowingly collect personal data from such individuals. If you are younger than eighteen, do not provide any personal data while using the Sites.
How we collect and receive personal data
We collect and receive personal data using different methods: (i) personal data you provide to us: you may give us your personal data directly, for example, when you contact us with inquiries, complete forms on our Site, subscribe to receive our marketing communications, apply to work with us or provide feedback to us; (ii) personal data we collect using cookies and other similar technologies: when you access and use our Site, we will collect certain personal data such as data relating to your browsing activity or interaction with our emails; (iii) publicly available personal data: from time to time, we may collect personal data about you that is contained in publicly available sources (including open source data sets or media reports) or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms); (iv) personal data provided to us on your behalf: for example we may receive personal data from a recruiter in respect of your application to work with us or we may receive your personal data from your employer if your employer is our customer or supplier.
How We Use the Information We Collect and our Lawful Bases
We will only process your personal data where we have a lawful basis to do so. In general, our lawful bases will be (i) where you have given specific consent to processing your data (“Consent”); (ii) where the processing necessary for performance of a contract with you or to take steps at your request to enter a contract (“Contract”); (iii) where the processing necessary to comply with our legal obligations (“Legal Obligation”); (iv) where the processing necessary for our or a third party’s legitimate interests (“Legitimate Interest”). Where CineCert relies on Legitimate Interest we undertake a legitimate interest assessment to ensure that our processing is necessary and proportionate to our aims and interests and that our pursuit of those aims and interests is not outweighed by your rights and freedoms. The legitimate interests we are pursuing will be evident from our purposes set out in this Privacy Policy and this Privacy Policy documents our “legitimate interest assessment” wherever one is required.
CineCert may use personal data about you for the following purposes on the following lawful bases: (i) To establish or maintain our relationship with you (Contract or Legitimate Interest); (ii) to contact you and respond to your requests and inquiries (Legitimate Interest); (iii) to provide you with products or services you have requested (Contract); (iv) to keep you informed of Services we think may be of interest to you (Legitimate Interest and Consent in respect of electronic marketing); (v) to personalize your experience with us and to assist you while you use the Sites (Consent); (vi) for business administration, including to operate our Sites and for statistical analysis (Consent and Legitimate Interest); (vii) to assign and manage our freelance projects and for associated payment processing activities (Contract); (viii) to improve the Sites by helping us understand who uses the Sites (Legitimate Interest); (ix) for fraud prevention and detection and to comply with applicable laws, regulations or codes of practice (Legal Obligation and Legitimate Interest); and (x) to assess the suitability of your application to work with us (Legitimate Interest).
Sharing your personal data
We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.
We may disclose your personal data to our affiliates and subsidiaries and to our service providers to the extent necessary to enable them to perform certain Site-related or other services (for example, web hosting, to improve Site-related services and features, or for maintenance services) on our behalf. All service providers are required to comply with the privacy practices and policies of CineCert and are permitted to use data only for the purpose of performing services on our behalf. We may also disclose such information to any third party if we believe that we are required to do so for any or all of the following reasons: (i) by law; (ii) to comply with certain legal processes or governmental requests; (iii) to prevent, investigate, detect, or prosecute criminal offenses or attacks on the technical integrity of the Sites or our network; (iv) when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others; (iv) to protect the rights, property, or safety of CineCert and its affiliates, their partners, and employees, the users of the Sites, or the public; and/or (v) to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
Transfers outside the EEA, UK and Switzerland
Where necessary in order to provide our Site and Services, we will transfer personal data to countries outside the EEA, UK and Switzerland.
Non-EEA/UK/Swiss countries do not have the same data protection laws as the EEA, UK and Switzerland and may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data outside the EEA, UK and Switzerland, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.
When transferring your personal data outside the EEA, UK and Switzerland, we will, where required by applicable law, implement at least one of the safeguards set out below. Please contact us if you would like further information on the specific mechanisms used by us when transferring your personal data outside the EEA, UK and Switzerland: (i) Adequacy decisions: We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or UK and Swiss Governments (as applicable); and (ii) Model clauses: Where we use certain service providers, we may use specific standard contractual clauses approved by the European Commission and/or UK and Swiss Governments which give personal data the same protection it has in the EEA, UK and Switzerland.
How long we keep your personal data
In respect of personal data that we process in connection with the supply of our Services, we will generally retain your personal data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.
Where we process personal data in connection with the registration and use of an account on our Site, we will generally retain your personal data for up to six years from the date that the relevant account is terminated (and in compliance with our data protection obligations). We may then destroy such files without further notice or liability.
Where we process any other personal data, we will generally retain relevant personal data for up to three years from the date of our last interaction with you (and in compliance with our data protect obligations). We may then destroy such files without further notice or liability.
If any personal data is only useful for a short period (e.g. for a specific activity, promotion or marketing campaign),
we will not retain it for longer than the period for which it is used by us.
If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this personal data to send you further marketing unless you subsequently opt back in to receive such marketing.
Your rights as a data subject
You have certain rights in relation to the personal data we hold about you. These rights include the right: (i) to obtain copies of your personal data; (ii) to have your personal data corrected or deleted; (iii) to limit the way in which your personal data is used; (iv) to object to our use of your personal data; (v) to transfer your personal data; (vi) not to be subject to decisions based on automated processing (including profiling); and (vii) to complain to a supervisory authority. A description of when these rights apply is set out below. If you would like to exercise any of these rights, please contact us using the details set out in the “Contact us” section below.
Your right of access
Your right to rectification
Your right to erasure
Your right to restrict processing
Your right to data portability
Your right to object
If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.
If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them.
You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
You can ask us to “block” or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.
You can ask us to stop processing your personal data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your personal data for direct marketing purposes.
Marketing
Your rights in relation to automated decision- making and profiling
Your right to withdraw consent
Your right to lodge a complaint with the supervisory authority
You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “Contact us” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the “Contact us” section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at: http://ec.europa.eu/justice/data- protection/bodies/authorities/index_en.htm.
In the UK the supervisory authority is the Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website at: https://ico.org.uk.
In Switzerland, the supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC). Contact details for the FDPIC can be found on its website at: https://www.edoeb.admin.ch/edoeb/en/home.html.
We may contact you periodically by email to provide information regarding events, products, services and content that may be of interest to you, unless you advise us that you do not wish to receive marketing or market research communications from us. We will only send you those types of communications after receiving your consent.
If you wish to stop receiving marketing or market research communications from us you can contact us as described in the “Contact us” section below to let us know what types of communications you wish to stop receiving. You have the right to object to us sending you electronic marketing at any time (see the “Your rights as a data subject” section above).
Revisions to Our Privacy Policy
CineCert will update and revise this Privacy Policy from time to time, as it deems necessary or appropriate. You may determine if this Privacy Policy has been revised since your last visit by referring to the “Effective Date of Current Policy” date noted at the top of this page. You should review this Privacy Policy regularly in order to ensure your awareness of the information within it. If we make material changes to this Privacy Policy we will notify you by means of prominent notices on the Sites prior to the change becoming effective.
Contact Us
If you have any questions or concerns regarding this Privacy Policy please email the applicable CineCert contact listed on the applicable Site or contact us either by email at legal@cinecert.com, or by regular mail at Legal Department, 2840 N. Lima St. Unit 110A, Burbank CA 91504.