FIAPF Headquarters ASBL | International Federation of Film Producers Associations
Registr.: 0589.983.296
Avenue des Arts 41, 1040 Brussels, Belgium
Phone: +32 (0)2 502 81 67
Email: info@fiapf.org
Hosting: Infomaniak (Swiss)
Updated at 01/01/2023
FIAPF (“we,” “our,” or “us”) is committed to protecting your privacy and personal data. This Privacy Policy explains how your personal information is collected, used, and, where applicable, shared by FIAPF with third parties.
FIAPF is a company advocating for film and television producers around the world. It is our mandate to represent the economic, legal, and regulatory interests which film and TV production industries have in common. As such, our use of your personal data takes place only within the context of those activities.
This Privacy Policy applies to our website, its associated subdomains and directories, as well as our social media pages collectively (our “Platform”), as well as any other online and/or offline interactions (all of the previous collectively being referred to as the “Activities”). By accessing or using our Service, you signify that you have read, understood this Privacy Policy and agree to our collection, storage, use, and disclosure of your personal information as described herein.
1. Information about the General Data Protection Regulation or the GDPR
As a business located in the European Union it is one of our obligations to comply with the terms and conditions of the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016, “GDPR”). Since we understand that the GDPR can be an abstract and complex term for you, it is our goal in this section of our Privacy Policy to provide you with a basic understanding of what the application of the GDPR means for your privacy and personal data.
A. What is the GDPR?
The GDPR is an EU-wide privacy and data protection law that regulates how personal data in the European Union is collected and processed. In addition, it regulates how European residents’ personal data is collected and processed outside the European borders. In short, it sets out how the personal data is used and protected by companies. In addition, it greatly enhances the control the European residents have over their personal data.
B. What is personal data?
Personal data is defined as any data that relates to an identified or identifiable individual. This individual is called the data subject in the GDPR. It is important to note that in the application of this definition the GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. As such, personal data extends beyond a person’s name or email address. Some examples include financial information, IP addresses, physical address, gender..
C. Why is the GDPR important?
The GDPR adds important requirements regarding how companies should protect each individuals’ personal data that they collect and process. Since its introduction, it has raised the stakes for compliance by, among others increasing enforcement. Beyond these facts it is simply the right thing to do. At FIAPF we strongly believe that your data privacy is very important.
2. Personal data collected and processed
In the next part we will attempt to provide you with an overview of the categories of personal data we collect and process. The goal is to give you an understanding of what data we collect and how these personal data relate to our activities.
A. Children’s Privacy
We do not address our Service to children. We therefore do not knowingly collect personal data from children without the consent of their parents or guardians. Children being understood to be anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data without your consent, please contact us.
If we become aware that we have collected personal data from a child without the necessary verifications of parental consent, we take steps to remove that information from our servers without undue delay.
B. Basic contact and identification data
The contact and identification data includes basic identifying and/or professional information such as your first name, surname, your company name, and your function at the company you represent. This category of personal data furthermore includes contact data such as your e-mail address and telephone number and might, depending on the purpose, refer to demographic information such as your address.
When making use of our Services via the Platform your basic contact and identification data will also relate to your usernames and passwords used to access the Platform.
C. Advocacy specific data
When we approach you or you approach us in the context of our advocacy activities, we may collect and process more extensive personal data relating to you, all falling within the scope of those advocacy activities. Please note that the specific information may strongly differ depending on our specific relationship. As such, it may also relate to any additional information you choose to provide to us in the framework of our advocacy activities.
The advocacy specific data may, in addition, include special categories of personal data, among other relating to professional organization memberships, political opinions etc. These personal data enjoy an additional tier of care from our part, as set out under article 3 to this Privacy Policy.
D. Event data
FIAPF oftentimes organizes events under its own name or in partnership to which you may participate either as a speaker or a participant. Event data may include personal data about your participation in our conferences, seminars, and other events, including necessary credentials, associations, dietary requirements, personal interests, and other preferences. When you participate to our events as a speaker more extensive personal data may be processed, such as a photograph, including a bio.
In addition to the previous, and depending on the specific event, we may collect and process more extensive personal data on you. This personal data may refer among others to
- information relating to our interactions;
- information provided in responses to surveys we may conduct; Etc.
E. Recruitment data
If you are a FIAPF applicant, we collect information you voluntarily provide to us. These personal data may, among others, refer to your curriculum vitae, your education and employment history, grades, and other information as may be relevant for the assessment of your candidacy.
F. Usage and technical data
We automatically collect certain information when you visit, use, or navigate the Platform. This category of personal data may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about who and when you use our Services and other technical information.
Please note that the concerning data may among others be collected by automated means, such as for example cookies. Please refer to our Cookie Policy for more information relating to our processing of personal data via cookies and similar technologies.
3. How we use personal data
In the next part, we set out the purposes for which we collect and process your personal data. As required under data protection law, we additionally provide you with the applicable legal bases for each processing purpose, so that you may effectively be able to exercise your data protection rights.
Please contact us as described under article 10 of this Privacy Policy if should you require more information or if you should have any question relating to our processing purposes.
A. General interactions
We may collect and process personal data about you when you exchange communications with us in the context of our Activities. The personal data concerned refers in particular to all basic contact and identification data, as may be necessary for the proper exchange of information between us. The interactions with us may happen via mail, telephone, fax, the forms available on our Platform, or via any other communication or telecommunication technology at your disposal, including social media.
Please note that the processing under this section also includes interactions in an offline environment. This means that information, such as personal data on a business card you exchanged with us, will also be processed by us.
For the collection and processing of your personal data in the context of our general interactions, we base ourselves on our legitimate interest to provide you with the best possible interactions in answering your requests and by providing you with proper response times.
B. Advocacy activities
We collect and process the basic contact and identification data of individuals acting in their capacity of representatives of their organizations, across the relevant sectors and fields of expertise. Depending on your particular capacity, we may furthermore collect advocacy specific data.
In the context of our advocacy activities, we may among others contact policymakers, stakeholders, and journalists on various matters falling within the context of our advocacy activities.
Personal data in the context of advocacy activities may additionally be used for the fixing of meeting dates and calls. Where you choose to share such personal data with us, we may collect information specific for the purposes of such meetings.
For the collection and processing of your personal data in relation to our advocacy activities, we base ourselves on our legitimate interest to achieve our policy goals by contacting the relevant stakeholders and coordinating political actions in our key-areas of expertise.
Where the processing of such data would entail the processing of special categories of personal data, as defined under article 2 to this Privacy Policy, the particular personal data will be subject to additional considerations from our part. This means that we will only process such personal data from the persons who are in contact with us in connection to our advocacy activities. These personal data will only be processed within FIAPF, its legal entities, including our Affiliates, its suppliers specifically in charge of advocacy activities on FIAPF’s legal entities and Affiliates’ behalf, and will not be disclosed to any extra third parties without your consent.
C. Marketing communications
We may use your personal data, such as basic contact and identification data, for the purpose of providing you with information relating to conferences, seminars, and other events we may host or participate in, communications regarding novelties in our fields of expertise.
For the collection and processing of your personal data in relation to the marketing communications, we base ourselves on your consent to receive such communications. When you receive marketing communications from us, you retain at all times the right to opt-out from our receiver list by sending us an email to info@fiapf.org or by clicking the unsubscribe button at the bottom of a specific marketing communication.
D. Management of our members’ section
Our Platform contains one or more password-protected members/accredited festivals’ sections, to which you may gain access via your basic contact and identification data, specifically including an account and a password. For the purpose of managing the member/accredited festivals sections we securely store the required basic contact and identification data on our servers. These personal data are subject to the necessary technical and organizational measures in order to safeguard their confidentiality and safety.
When registering an account to gain access to the members/accredited festivals’ sections, you conclude an agreement with us. For the processing of such personal data, we therefore base ourselves on our relationship.
E. Organization of events
FIAPF oftentimes organizes events in its own name or in partnership to which you may participate either as a speaker or a participant. In order to guarantee a streamlined organization of such events, your personal data may be processed. The personal data refers in particular to your basic contact and identification data, as well as the event specific data.
Our processing activities may, among others, relate to managing your attendance and participation to our conferences, seminars, and other events, the processing of any particular dietary requirements you may wish to share with us, processing of follow-up surveys you may fill in after your participation, etc.
For the collection and processing of your personal data in relation to events we may organize, we base ourselves on your prior, informed, explicit consent in order to able to process your personal data. You will always be asked to signify your consent explicitly when interacting with us for the purpose of one of our events.
F. Recruitment
When opening up a position in our organisation, we may collect personal data relevant to the recruitment process, such as basic contact and identification data and recruitment data. In certain circumstances these personal data may extend beyond the aforementioned categories, more specifically when certain personal data may be required in order to ensure our compliance with our legal and regulatory obligations.
We use the information collected for human resources purposes in order to screen applicants.
Please note that our recruitment related decisions are entirely based on merit and that we do not discriminate based on gender, race, ethnic origin, age, religion, sexual orientation, disability, etc.
For the collection and processing of your personal data in relation to the recruitment process we base ourselves on our legitimate interest to make the best possible recruitment decision in the interest of developing our activities.
G. Business administration
We collect and process the basic contact and identification data of individuals acting in their capacity of employees or representatives of our business partners and/or service providers.
The processing of this purpose includes the execution of agreements we may have concluded with such employees, representatives, or the companies they represent, general administrative management, compliance with laws and regulations, as well as the protection of our rights.
For the collection and processing of your personal data in relation to our business administration, in the first place, we base ourselves on the contract we concluded with the other party. However, should there not be a contract in place, for example when the personal data only relates to potential service providers, then we base ourselves on our legitimate interest to store information on potential partners and/or service providers.
H. Insights and analytics
We may analyze the information including the personal data necessary for us to directly identify you in relation to other personal data, such as your interactions on the Platform and your communications with us. This information relates in particular to your basic contact and identification data and the usage and technical data.
The gathering and analysis of such information may be performed by using cookies, web beacons, pixel tags, log files, and similar technologies used to gather personal data from the hardware and software you use to visit our Platform, including from any mobile devices you may use.
For more information regarding cookies, web beacons, and pixel tags used on our Platform, please refer to our Cookie Policy.
For the collection and processing of your personal data for insights and analysis, we base ourselves on our legitimate interest to use your personal data for the continuous improvement of our operations, in order to provide you with the best possible experience, among others on our Platform.
I. Security and IT management
We use your basic contact and identification data, and usage and technical data for the purpose of ensuring the effective and secure functioning of our information security systems and more generally the online environment that we put at your disposal.
The gathering and analysis of such information may, among others, be performed by using cookies, web beacons, pixel tags, log files, and similar technologies used to gather personal data from the hardware and software you use to visit our Platform, including from any mobile devices you may use.
For more information regarding cookies, web beacons, and pixel tags used on our Platform, please refer to our Cookie Policy.
For the collection and processing of your personal data for the purpose of securing and ensuring the effective functioning of our online environments, we base ourselves on our legitimate interest to monitor how our Platform is used and to detect and prevent fraud, criminal activities, and general misuse of our services.
4. How long we retain your personal data
Our policy is to only retain your personal data for as long as it is required to satisfy the purposes for which we collected it or for which you provided it to us. Where such processing is based on your consent, we will process the personal data for as long as you have not withdrawn your consent or at the latest two (2) years after its last use in accordance with the purpose for which it was collected. In what follows we seek to give you the necessary tools in order for you to assess how long your personal data may be retained by us.
As a base rule, we will de-identify or delete any personal data that is no longer considered necessary for the purposes described above or when the retention period as described below has been surpassed. This deletion will happen without further notice or liability on our part. However, please note that your personal data will never be de-identified or deleted when such personal data is to be retained by us in the application of an obligation of legal, administrative, or jurisdictional nature. Such an obligation would effectively forbid us or make it impossible for us to remove your personal data. Nevertheless, such data will only be stored for the purpose of our compliance and will no longer be processed for any other purpose.
We distinguish the following specific retention periods:
- All basic contact and identification data and advocacy specific data will be kept and stored for as long as they are in use for the purpose of our communication with you and for the building of a historical archive of our past communications. The storing of such information is particularly important for later interactions, in that it allows us to revert to earlier communications should you come to us with new questions, requests, comments, or other input.
- All basic contact and identification data used for our marketing purposes will be stored and processed for as long as you choose to remain subscribed to any of our marketing services. Where we process your marketing specific data on the basis of our legitimate interest, we will no longer process your personal data after a period of two (2) years after receiving your consent, unless you should choose to renew it.
- All basic contact and identification data used for the purpose of managing our member’s / FIAPF accredited festivals’ section on our Platform will be kept for as long as you have an account and for an additional ten (10) years thereafter.
- All Event data may be retained for ten (10) years.
- The recruitment data will be stored at least for the duration of the recruitment process. Should we decide not to hire you, then your personal data will be de-identified or deleted at the end of the recruitment process. Nevertheless, our past communications, including those regarding the recruitment process will be stored on our servers for our historical archives. The historical archives might be used to contact you at a later date for new openings regarding a job position you are qualified for up until five (5) years after your initial application if you consent to its further processing in that manner.
- The usage and technical data are stored for a duration of three (3) months after their initial collection, except for cookies when visiting our website – please see our Cookies Policy to take an informed decision when managing your cookies. After such a period they will be de-identified or deleted.
5. With whom do we share your personal data
In order to provide our services to you and in order to make our Platform available to you, we may share your personal data with third-party contractors and/or other data controllers. We have identified the following main categories of third-party that might be recipients of your personal data:
- Our employees and professional advisers;
- Professional indemnity or other relevant insurers;
- Third parties and tools to whom we outsource certain services such as, without limitation, confidential waste disposal, IT systems or software providers, IT support service providers, documents, and information storage providers;
- Our website and online domain host; and
- Third-party service providers who assist us with insights and analytics, such as Google Analytics.
Whenever third parties falling under one or more of the abovementioned categories should be considered a sub-processor under the general data protection regulation, we confirm that we have concluded the necessary agreements in order to safeguard the transfers and processing of your personal data.
In addition to the previous, we may disclose information (including personal data) about you to our Affiliates. For purposes of this Privacy Policy, “Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with FIAPF, whether by ownership or otherwise. Any information relating to you that we provide to our Affiliates will be treated by those Affiliates in accordance with the terms of this Privacy Policy.
Feel free to contact us as set out under article 10 of the Privacy Policy, should you have any questions regarding the third party recipients of your personal data and the safeguards we have implemented in that regard.
6. International data transfers
We are based in Belgium. As a principle, your personal data will be stored and processed in the European Economic Area. However, for the purposes set out in article 4 of this Privacy Policy, we may have to transfer personal data to other jurisdictions outside the European Economic Area. When we transfer your personal data to third parties residing in such jurisdictions, we implement appropriate safeguards in our agreement with those third parties in order provide your personal data the benefit of an adequate level of data protection and at least a level of data protection equivalent to the level to which you are entitled under the General Data Protection Regulation.
For this purpose, we assess the level of data protection in the country of transit or destination, among others taking into account the adequacy decisions taken by the European Commission, the Swiss Privacy Shield, and similar safeguards that the European Commission may provide in the future. Additionally, we may make use of the Standard Contractual Clauses approved by the European Commission and any other appropriate solutions as required or permitted by the applicable Data Protection Legislation.
In particular, we may share your personal data with the following parties located outside the European Economic Area:
Name | Infomaniak Network SA |
Address | Rue Eugène-Marziano 25,
1227 Genève, Switzerland N° IDE & TVA : CHE-103.167.648 |
Function | Website host – sub-processor |
Data processing agreement | https://manager.infomaniak.com/pdfcgu/en_GB/52/dpa.pdf |
Location of data storing | Switzerland |
Feel free to contact us as set out under article 10 of the Privacy Policy, should you have any questions regarding the international transfers of your personal data and the safeguards we have implemented in that regard.
7. Your data protection rights
Under the applicable Data Protection Legislation, you are entitled, free of charge, to exercise certain rights in relation to your personal data collected and processed by us.
Withdrawal of consent. You have the right to withdraw your consent in relation to all processing activities for which you have previously given us your consent.
Right of access. You are entitled to request a copy of the data we process and hold on you. If we process and/or hold personal data about you, you will receive a copy of the information in an understandable format together with an explanation of why and how we hold and use it.
Right of rectification. You have the right to ask us to correct your personal data. This includes the right to have us correct spelling mistakes or change an address, email addresses, phone numbers, etc.
Right of erasure. You have the right to request the deletion of the personal data we process or hold on you. We can object to the deletion of your personal data if the processing is done to comply with legal obligations, for reasons of public interest, or for the establishment, exercise, or defence of our legal claims.
Right to restrict the processing. Under certain circumstances, you have the right to ask us to restrict our processing of your personal data. Please note that in exercising this right, the relevant personal data will remain stored in our possession, but we will not be able to further process it.
Right to object to the processing. In those instances where we process and collect your personal data based on our legitimate interest, you have the right to object to our processing of such data. Please note that if you decide to exercise your right to object to our processing of your personal data, we have the right to provide you with our legitimate grounds on which we base ourselves in order to continue the processing of your data.
Right to data portability. You are entitled to receive the personal data we process or hold on you in a structured, commonly used, and machine-readable format. Furthermore, you mayb have the right to have this personal data transmitted to another data controller.
If you would like to be supplied with further information on your rights or wish to exercise them, please write to us at website@fiapf.org. We ask of you to properly identify yourself when exercising your data protection rights in order to enable us to execute your request within due delays.
In those cases where we deem your request to exercise your rights manifestly unfounded or excessive, we reserve the right to charge you an administrative fee for the execution of your request, or even to refuse to act on your request.
8. Security of your personal data
We use generally accepted and reasonable technical and organisational methods consistent with current technological developments with regard to operational security to offer protection against loss, abuse, alteration, or destruction of all personal data we store and process.
Our technical and organisational measures are frequently updated in order to adapt these measures to new technical and organisational procedures and to ensure the continued safety of your personal data.
Please note that our Platform may contain links to other websites or internet resources which may also collect personal data, through cookies or other technologies. We carry no responsibility, liability for, or control over those other websites or internet resources or their collection, use, or disclosure of your personal data. We recommend that you review the privacy policies of these other websites and internet resources in order to understand how they collect and process your personal data.
9. Changes To Our Privacy Policy
We may change our Service and policies, and we may need to make changes to this Privacy Policy so that they accurately reflect our Service and policies. Unless otherwise required by law, we will notify you (for example, through our Service) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect. Then, if you continue to use the Service, you will be bound by the updated Privacy Policy. If you do not want to agree to this or any updated Privacy Policy, you can at all times stop making use of our Services and/or can delete your account.
We reserve the right to transfer information to a third party in the event of a merger or other transfer of all or substantially all of the assets of FIAPF or any of its Affiliates, or that portion of FIAPF or any of its Affiliates to which the Service relates, or in the event that we discontinue our activities or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.
10. Contact us
You undertake to communicate accurate personal data to us. You may at any time modify the personal data at our disposal by sending us an email. We cannot be held responsible for any failure of our Services related to incorrect information that has been provided by you.
Should you have any questions about this Privacy Policy or should you have the feeling that your interests are not or inadequately represented, you can address all your questions to us at the following email address: website@fiapf.org.
11. Governing Law and jurisdiction
This Privacy Policy shall be governed by – and construed in accordance with the laws applicable in Belgium.
You have the right to file a complaint with the competent data protection authority, including being the place of the alleged infringement of the applicable Data Protection Legislation. Notwithstanding the previous, the lead data protection authority is the Belgian Data Protection Authority (“Autorité de protection des données” or “Gegevensbeschermingsautoriteit”), which can be reached via the following means of communication:
- by following the instructions and filling in the form accessible via this link;
- by sending a letter to Drukpersstraat 35, 1000 Brussels, Belgium;
- by calling the following number +32 (0)2 274 48 00;
- by faxing to +32 (0)2 274 48 35; or
- by sending an email to contact@apd-gba.be.