Privatlivspolitik for e-magasinet

E-magasinet af udviklet af firmaet Pressmatrix, som også har formuleret nedenstående privatlivspolitik for e-magasinet.

DATA PROTECTION
Filmmagasinet Ekkos e-magazine

We welcomes your use of our app. We take the protection of your private data seriously and want you to feel comfortable when you visit our app. The protection of your privacy in the processing of personal data is an important concern for us, which we take into consideration in our business methods. We process personal data collected when you visit our app in accordance with data protection regulations. The app may contain links to third-party websites that are not covered by this privacy policy. By visiting our app, you consent to the use of your personal data and agree to the following privacy policy.

1. Definitions
This privacy policy is based on the terminology of the European General Data Protection Regulation (GDPR) and should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.

Personal data
Personal data are any information relating to an identified or identifiable natural person (in the following, the “data subject”). A natural person is considered identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons.

Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the processing controller.

Processing
‘Processing’ is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Restriction of processing
‘Restriction of processing’ is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling
‘Profiling’ is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymization
‘Pseudonymisation’ is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or Processing controller
The ‘controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law

Processor
The ‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient
The ‘recipient’ is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party
A ‘third party’ is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data

Consent
‘Consent’ of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and contact details of the controller and the data protection officer
The controller pursuant to Art. 4 No. 7 GDPR is:

Filmmagasinet Ekko
Wildersgade 32, 2. sal
1408 København K
Phone: +45 8838 9292
Email: sekretariat@ekkofilm.dk

3. Processing of personal data and the nature and purpose of their use
We process personal data only in the legal framework of the relevant legislation and where appropriate with your consent. Personal data is all information relating or at least relatable to a natural person thereby allowing conclusions concerning their personality. Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Use of the app 
When you visit our app, the application used on your device (app) automatically sends information to the server of our app. This information is temporarily stored in a so-called log file.

The following information will be collected without any action on your part and stored until deletion:

• IP address of the requesting terminal device
• date and time of access
• name of issues and content
• manufacturer, type and operating system of your device as well as the name of your access provider.

The data mentioned are processed by us for the following purposes:
• ensuring the set up of a smooth app connection
• ensuring comfortable use of our app
• evaluation of system security and stability
• further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no event do we use the collected data for the purpose of drawing conclusions on your person.

We store information in the memory of your terminal device. In this way we can spare you having to re-enter your personal data – if required – in forms or in the log-in area. You can remove this data using the relevant functions of your terminal device.

In addition, we use cookies and analysis services when you visit our app. For more details, see below in this privacy policy.

Disclosure of data 
There will be no transfer of your personal data to third parties for purposes other than those listed below. We only share your personal information with third parties if:

• you have given express consent to this according to Art. 6 para. 1 S. 1 lit. f GDPR
• the disclosure pursuant to Art. 6 para. S. 1 lit. f GDPR is required to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed.
• in the event of a legal obligation for disclosure pursuant to Art. 6 para. 1 S. 1 lit. c GDPR
• it is legally permissible and required according to Art. 6 para. 1 sentence 1 lit. b GDPR for settling contractual relationships with you.

4. Cookies
We use cookies on our site. These are small files that your browser automatically creates and that are stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our site.

Information is stored in the cookie, in each case deriving from associations with the specific terminal device. However, this does not mean that we thereby acquire direct knowledge of your identity.

The implementation of cookies serves on the one hand to make the experience of using our app more pleasant. Thus we use so-called session cookies to recognize that you have already visited individual pages of our app. These will be deleted after leaving our site. In addition, for improved convenience, we also use temporary cookies that are stored on your terminal device for a specified period of time. If you visit our site again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of our app and evaluate it for the purpose of optimizing our offer for you. When you visit our site again, these cookies allow us to automatically recognize that you have already been with us. Such cookies are deleted after an individually defined time.

The data processed by cookies is necessary for the purposes mentioned of safeguarding our legitimate interests as well as those of third parties according to Art. 6 para. 1 S. 1 lit. f GDPR.

5. Analysis tools
The tracking measures listed below and used by us are based on Art. 6 para. 1 sentence 1 lit. f GDPR. The tracking measures implemented are intended to ensure an app design that meets customers’ needs and is continually optimized. On the other hand, we use the tracking measures to statistically record the use of our app and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as justified in the sense of the aforementioned provision.

The particular data processing purposes and data categories are to be inferred from the tracking tools employed.

Flurry Analytics (Flurry, Inc.)
Flurry Analytics is an analysis service from Yahoo! Inc.
This service is for analysing mobile apps and may collect various information about your phone as described in the Flurry Analytics Privacy Policy.
If the user opts out, Flurry stops data tracking for the device identified by the specified MAC address and / or device ID. Analytics service tracking is stopped in all applications within the Flurry network.
Personal data collected: cookie, usage data and various types of data as described in the privacy policy of the service.
Processing Location: United States – Privacy Policy – Opt Out.

Google Analytics for Firebase (Google Inc.)
Google Analytics for Firebase or Firebase Analytics is an analysis service provided by Google Inc. Further information on the use of data by Google can be found in the Google’s partner directive.
Firebase Analytics can share data with other tools provided by Firebase such as Crash Reporting, Authentification, Remote Config, or Notifications. The user may review this Privacy Policy for a detailed explanation of the other tools used by the owner.

This application uses identifiers for mobile devices (including Android Advertising ID and Advertising Identifier for iOS) and cookie-like technologies to run the Google Analytics for Firebase services.

Users may opt out of certain Firebase features through the appropriate mobile device settings, for instance through the advertising settings for mobile devices or, where applicable, by following the guidelines concerning Firebase in other sections of this Privacy Policy. Personal information collected: cookie, unique device identifier for advertising (Google Advertising ID or IDFA, for example) and usage data.
Processing Location: United States – Privacy Policy. Privacy Shield member.

6. Testing the performance of content and features (A / B test)
The Services included in this section allow the provider to track and analyse the user’s response to the app’s traffic or their behaviour after that application has been modified in terms of structure, text, or other components.

Firebase Remote Config (Google Inc.)
Firebase Remote Config is a service provided by Google Inc. to perform A / B testing and configuration.
Personal data collected: different types of data as described in the service’s privacy policy.
Processing Location: United States – Privacy Policy. Privacy Shield member.

7. Rights of the data subject
Because we process your personal information, you have the following rights:

Right of access by the data subject
According to Art. 15 GDPR you can request information on your personal data which has been processed by us. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right of rectification, erasure, restriction of or objection to processing, the existence of a right of complaint, the source of your data if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information on the details of such.

Rectification
In accordance with Art. 16 GDPR, you can immediately demand the rectification of inaccurate personal data or the completion of incomplete personal data stored by us.

Deletion
In accordance with Art. 17 GDPR, you may request the erasure of personal data concerning you stored by us, unless such processing is required to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims.

Restriction
You have the right to obtain restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful and you oppose its erasure in favour of restriction, we no longer need the data but you require the data for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.

Data portability 
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or have the personal data sent to another controller

Withdrawal
In accordance with Art. 7 para. 3 GDPR, you can withdraw your previously given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future.

Right to lodge a complaint
You have the right to lodge a complaint to a supervisory authority in accordance with Art. 77 GDPR if you consider that the processing of your personal data infringes data protection regulations. As a rule, you can contact the supervisory authority of your habitual place of residence or place of work or of our company headquarters.

8. Right to object
Insofar as your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without the specification of any particular situation. To exercise your right of withdrawal or right to object, it suffices to send us an e-mail.

9. Data protection in applications and in the application process
We collect and process the personal data of applicants as part of the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents by electronic means, for example by e-mail or via a website application form. If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. If no contract of employment with the candidate is concluded by the processing controller, the application documents shall be deleted two months after notification of the rejection decision, provided there exists no other legitimate interest of the controller that conflicts with the deletion. A legitimate interest in this sense would be, for example, a burden of proof in a procedure under the General Equal Treatment Act (GETA).

10. Storage duration of personal data
The criterion for the duration of the storage of personal data is the respective legal retention period. After the deadline, the corresponding data will be deleted, if they are no longer required to fulfil the contract or to initiate a contract.

11. w.r.t automated decision-making
As a responsible company we refrain from automated decision-making or profiling.

12. Data security
We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

13. Change of this Privacy Policy
This privacy policy is currently valid. Due to the further development of our app and offers concerning it or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy.

As of August 2019

© Filmmagasinet Ekko