The GIFF Foundation (hereinafter “GIFF”) communicates transparently about its policy on the collection and use of personal data. In accordance with the Federal Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR), GIFF is committed to ensuring that all its data collection activities comply with strong safeguards to prevent any misuse of your personal data.
1. Use of your data
Your personal data will always be used in accordance with the purposes for which they were originally collected; they may be processed, always within a legal framework, in the context of activities such as the provision of services, evaluation of the usefulness of this site, data management or technical support.
2. Security and privacy
To ensure the security and privacy of the personal data we collect online, we use data networks protected by, among other things, industry-standard firewalls and passwords. When processing your personal data, we take appropriate measures to protect such information from loss, misuse, unauthorized access, disclosure, alteration and deletion. Paper records are maintained in accordance with the guidelines of the City of Geneva and in compliance with Swiss law.
3. Access to your personal information
In accordance with the Federal Data Protection Act (DPA) and the EU General Data Protection Regulation, you have a right of access to information about you held by GIFF. You may request a copy of the information we hold about you at any time at firstname.lastname@example.org (please note that we will require a copy of an official document confirming your identity).
4. Non-disclosure of personal data
Your personal data will not be sold, shared or communicated to any third parties except those expressly listed below. Third parties who may have access to your data for technical reasons have contracted with us to use your personal data only for the purposes agreed upon, not to sell your information to third parties and not to disclose it to other third parties except as required by law. We will process your personal data strictly in accordance with the procedure described in this policy. However, we reserve the right to do otherwise if required by law.
Geneva International Film Festival (GIFF)
1, Rue de Chantepoulet
CH – 1201 Geneva
Your contact person: Tom Guex
email@example.com | +41 22 809 69 20
1. Use of the data
Subscribing to the newsletter allows you to be kept informed of GIFF activities. The frequency of sending during the year is maximum one newsletter per month, except during the month before the Festival, when it is one newsletter per week, then one newsletter per day during the 10 days of the Festival.
To send our newsletter, we use the list provider MailChimp. MailChimp is a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318 (hereinafter referred to as “Rocket”).
The data stored during registration is transmitted to and stored by Rocket. The data entered during registration is not passed on to third parties. In addition, MailChimp offers various analysis possibilities on how the sent newsletters are opened and used, e.g. how many users received an email, whether emails were rejected and whether users unsubscribed from the list after receiving an email. Rocket undertakes to process and store all data entrusted to it in accordance with the GDPR and/or the DPA. Get more information about MailChimp here. MailChimp is certified under the “Swiss-US or EU-US-Privacy-Shield”. The “Privacy Shield” is an agreement between Switzerland, respectively the European Union (EU), and the United States to ensure compliance with European data protection standards in the US.
2. Personal data
The term “personal data” as used in this section refers to information that can identify you, such as:
- name and surname
- e-mail address
- IP address
3. Right to unsubscribe
If you no longer wish to receive electronic communications about GIFF activities, you can unsubscribe at any time by using the dedicated icon at the end of each newsletter or by sending us an e-mail.
1. Web analytics services
2. Google Analytics
We would like to point out that Google Analytics on this website has been supplemented with the code “anonymizeIP”. As a result, the IP addresses of visitors are stored anonymously (by means of IP masking) and transmitted to Google Analytics. With this code, your IP address will be shortened in advance within the member states of the European Union or in other member states of the European Economic Area Treaty. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA, where it will be shortened.
Google Analytics uses the information collected to describe the use of our website by means of statistics and reports.
Google will also pass on this information to third parties if this is required by law or if these third parties process the data on behalf of Google.Google Analytics undertakes to comply with the data protection regulations of the European Union. User and event data is generally only stored for 26 months.You can block the installation of cookies by selecting the appropriate settings in your browser. However, such deactivation may prevent the use of certain features of our website. Google Analytics offers an opt-out option for the most popular browsers, which gives you more control over the data collected and processed by Google Analytics. If you enable this option, no information about your visit to the website will be transmitted to Google Analytics. However, using the opt-out option does not prevent the transmission of information to GIFF or other web analytics services that we may use. For more information about the opt-out option provided by Google and how to activate it, please follow this link.
Type of COLLECTED data:
- the IP address of the requesting computer
- the date and time of access
- the name and URL of the data accessed
- the website from which our domain was accessed
- the operating system of your computer and the browser you are using
- the country from which our website was accessed
- the name of your Internet service provider
Users can prevent the recording of the data generated by the cookie and related to the use of the website by the user concerned (including the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under this link.
3. External links and third party functionality
The GIFF Foundation has no influence on the external content we refer to, nor on the compliance with data protection regulations by third-party providers whose functions are linked to our website. In this regard, we refer you to the data protection guidelines of the following third-party providers and their subsidiaries:
- Facebook Inc.
- Instagram Inc.
- Twitter Inc.
1. Use of the data
Your participation as a partner, guest, moderator, accredited person, press or other function closely related to a GIFF Foundation event will require registration of your information in our Eventival organizational system. Eventival is a professional event management tool used by many film festivals around the world, produced by a service provider based in the Czech Republic. This data is strictly used to process your participation (confirmation of participation in a party, travel, hotel, planning, etc.) and to provide you with practical information about the event.
This data will not be sold or given to third parties or used for any purpose other than that for which you provided it to us.
2. Personal data
The term “personal data” as used in this section refers to information that can identify you, such as:
- civil status
- full name
- for guests traveling by air, a copy of the passport
- date of birth
- private and/or professional postal address
- private and/or professional e-mail address
- private and/or business telephone number
3. Unsubscribe, correct or delete personal data
You have the right to ask us in writing for information about your stored personal data, as well as the right to have it corrected or deleted if you wish. If you wish to exercise this right, please write to us or send us an e-mail to firstname.lastname@example.org. (Please note that we will ask you for a copy of an official document confirming your identity).
Eventival Data Protection Policy
1. Person in charge of the treatment
Responsible for the collection and processing of your personal data: Net Oxygen Sàrl Avenue d’Aïre 56 1203 Geneva Switzerland Tel: +41 (22) 364 8000 E-mail: email@example.com website: https://www.ticketack.com
Is responsible for the use of your personal data: Fondation GIFF
2. General purposes of the processing
We use personal data to ensure the functionality of our website and to provide our content and services. The GIFF Foundation treats personal data seriously, carefully and purposefully. In doing so, we adhere to the requirements of current data protection law.
3. What data do we use and why?
3.1. Access data
When you visit our websites, the browser on your computer or mobile device automatically sends data to our website server. This data is temporarily stored in a log file. The following data is collected without your intervention and stored until it is deleted:
- name and URL of the recovered file
- date and time of recovery
- amount of data transferred
- message about successful recovery (HTTP response code)
- browser type and version
- operating system
- referrer URL (i.e. the previously visited page)
- websites called by the user’s system via our website
- user’s internet service provider
- IP address and the requesting provider
We use this protocol data, without attributing it to you or creating any other form of profiling, for statistical analysis for the operation, security and optimization of our website, but also for anonymous recording of the number of visitors to our site (traffic), the extent and nature of the use of our website and services, and for billing purposes to measure the number of clicks received. Based on this data, we can provide personalized and localized content, analyze traffic, investigate and correct errors, and improve our services. This use of data is also our legitimate interest. We reserve the right to audit protocol data after the fact if, on the basis of concrete evidence, there is a legitimate suspicion of unlawful use. We store IP addresses in log files for a limited period of time when this is necessary for security reasons, for the provision of services or for billing a service, for example, if you subscribe to one of our offers. We also record the date of your last visit as part of your account activity (e.g., when you register, login, click on links, etc.).
3.2. Data to enable us to fulfil our contractual obligations
We process the personal data that we need to fulfill our contractual obligations to you, such as first name, last name, address, delivery address, e-mail address, billing and payment data. The deletion of this data takes place after the expiration of the legal retention periods. Data associated with a customer account (see below) will be retained in any case for the duration of the account’s activity. We may also use your personal data to verify compliance with the terms and conditions of sale and to combat fraud. The legal basis for processing this data is the performance of the contract with you or our legitimate interest in fighting fraud.
For the order we need you to provide us with certain contact data such as first name, last name, address, e-mail address and telephone number. For a new registration we collect basic data (name, address), communication data (e-mail address) as well as access data (user name and password). You can have a created customer account deleted or at any time by notification to the contact details mentioned in point 1, without incurring any transmission costs other than those provided for in the basic rates.
3.4. E-mail and other contacts (notices written, contact with customer service)
If you contact us (e.g. via a contact form or e-mail), we will process your data to process the request or notification as well as to answer any follow-up questions. If the data processing takes place in order to take pre-contractual measures at your request, e.g. the case where you are already our customer, for the performance of the contract, then the legal basis for the data processing is the performance of the contract. We will only process other personal data if you consent or if we have a legitimate interest in doing so. A legitimate interest lies, for example, in responding to your e-mail or other request.
In particular, we use session cookies $to optimize our websites. A session cookie is a small text file sent by the relevant servers when you visit a website and stored on your hard drive. This file contains a session ID with which various requests from your browser can be assigned to the shared session. These cookies are deleted after you close your browser. They make it possible, for example, to use the shopping cart functionality on several pages.
We also use a small amount of persistent cookies (also small text files stored on your device) that remain on your device and allow us to recognize your browser the next time you visit. These cookies are stored on your hard drive and deleted automatically after a predetermined period of time. Their lifetime is from 1 month to 10 years. Cookies enable us to offer more user-friendly services in an efficient and secure manner and to display information on the page that is relevant to your interests, for example.
Our legitimate interest in using cookies is to make our websites more user-friendly, effective and secure and to tailor the information available to your interests in the best possible way and to make your online experience as informative as possible.
Cookies store the following data and information:
- login information
- language settings
- search terms entered
- information about the number of visits to our websites and the use of individual functions of our website.
When the cookie is set, it is assigned an ID number and no personal data will be assigned to the ID number. Your name, IP address, or similar data that would associate the cookie with your account will not be included in the cookie. Based on cookie technology, we only receive anonymized or pseudonymized information, such as which pages of our websites are visited, which products are viewed, etc. You can configure your browser to inform you in advance about the setting of cookies and decide on a case-by-case basis whether you exclude the acceptance of cookies in certain cases or in general, or whether cookies are prohibited altogether. This may limit the functionality of the websites. You can also find the deactivation functions (opt-out functions) of the third-party supplier Admeira AG under the following link: http://www.admeira.ch/optout.
4. Rights of the person concerned
You have the following rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post, clearly stating your identity, to the address indicated in point 1.
- Request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the category of recipients to whom your data are or have been disclosed, the intended retention period, the right of rectification; erasure, limitation of processing or objection, the right to lodge a complaint, the origin of your data if not collected from us, and the existence of automated decision-making, including profiling as well as useful information on their details ;
- Request that incorrect personal data be corrected or that incomplete data stored on our servers be completed as soon as possible
- Demand the erasure of your personal data stored on our servers, unless the processing of such data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- To demand the restriction of the processing of your personal data, if (1) you contest the accuracy of the data, (2) the processing is unlawful and you object to its erasure, (3) we no longer need the data, you need it for the establishment, exercise or defense of legal claims, or (4) you objected to the processing during the verification as to whether the legitimate grounds pursued by our company prevail over your own;
- Receive the personal data you have provided to us in a structured, commonly used and machine-readable format or require the transmission of the data to another controller;
- Withdraw your consent once given at any time. As a result, we may not continue to process data based on that consent in the future;
- Submit a complaint to a supervisory authority. As a general rule, you can contact the supervisory authority of your place of residence or work or that of our head office.
4.1. Right of objection
If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data, insofar as there are reasons related to your particular situation or if the objection is directed against the mailing. In the latter case, you have a general right of objection, which we implement without specifying any particular situation.
5. Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. Personal data transmitted to us is encrypted. This applies to your orders and also to the login in your customer account. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission on the Internet (e.g. in the case of e-mail communication) can have security gaps. A complete protection of the data against access by third parties is not possible. In order to protect your data, we implement technical and organizational security measures which we continuously adapt to the state of technological knowledge. We also do not guarantee that our offer will be available at all times, as disruptions, interruptions or breakdowns cannot be excluded. The servers we use are regularly and carefully backed up.
5.1. Transfer of data to third parties
Your personal data is only used for our company purposes
The personal data collected in connection with a ticket purchase may be used to inform you in the future about the same or similar events. You may opt out of receiving this information at any time.
If and insofar as we outsource parts of our data processing (e.g. to a collection agency), we contractually oblige our processor(s) to comply with the provisions of the applicable data protection law when using such data and to ensure the protection of the data subject’s rights.
Apart from these cases mentioned in this explanation (see in particular paragraph 6), there is no transfer of data to third parties outside Switzerland and the European Economic Area (EEA), nor is this planned.
5.2. Modification of the personal data protection policy
If you have any questions or concerns regarding data protection, please contact us by sending a message to the contact details mentioned in point 1.
5.3. Unsubscribe, correct or delete personal data
You may ask us to correct or delete any information you believe to be inaccurate. Please note that certain data must, by law, be kept for a specific period of time. This data will therefore be stored until the expiry of these periods but will only be used to comply with the legal requirements.