Principles of Personal Data Protection

I.       Basic provisions

  1. The Controller of personal data as per Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter only: “GDPR”) is KVIFF.TV a.s., Panská 892/1, Nové Město, 110 00 Prague 1, Company ID: 107 80 777, Tax ID: CZ10780777, entered in the business register maintained by the Municipal Court in Prague, file no. B 26283 (hereinafter only “Controller”).

II.      Sources of categories of processed personal data

  1. The Controller processes personal data that you have provided to it or personal data that the Controller has obtained through its website in the performance of a contract between you and the Controller.
  2. The Controller processes
    • identifying information (e.g., name and surname)
    • contact information (e.g., e-mail)
    • information about your account (e.g., user account settings of purchase history)
    • information about your actions on the website (e.g., information about content that interests you)
    • information about your actions when reading the messages we send you (e.g., times of opening messages)
    • derived data (e.g., data derived from information about your account, your behavior on the website, and your behavior when reading the e-mails we send you)
    • information relating to your communication with us (e.g., the content of our communication)
  3. The Controller also processes personal data collected through cookies and other, similar technologies. More information about the use of cookies can be found in Cookie settings.

III.     Lawful basis and purpose for processing of personal data

  1. The lawful basis for the processing of the personal data is
    • performance of the Controller’s legal obligations
    • conclusion and performance of a contract
    • the Controller’s jus­tified interest
    • revocable, informed, unambiguous, and free consent
  2. The purpose for the processing of the personal data is/are
    • maintenance of a user account and provision of services by KVIFF.TV, i.e., so that the Controller may meet its obligations arising from the contract with you
    • improving the quality of the services provided, i.e., so that the Controller can analyze data on the behavior of visitors to the website, identify visitor preferences, and test new functionalities
    • marketing activities, including the sending of commercial communications, i.e., so that the Controller can send you information about, for example, its services or what is new on the KVIFF.TV platform
    • protection of the Controller's legal claims, i.e., so that the Controller can defend its claims in court, out-of-court, or enforcement proceedings
    • performance of the Controller’s legal obligations, in particular in the field of taxes and accounting, i.e., so that the Controller can meet its obligations arising from relevant legal regulations

IV.    E-mail commercial communications

  1. You may be the recipient of information, sales offers, and news related to the seller or its products, sent on behalf of the Controller to your e-mail address. These commercial e-mails are not unsolicited commercial communications. The Controller sends them for reasons of its legitimate interest.
  2. Commercial e-mail communication that are not related to the offered products (films) are sent to users by the Controller on the basis of consent. The Controller sends commercial e-mail communication to potential users on the basis of consent.
  3. You can unsubscribe from commercial e-mails – those sent on the basis of legitimate interest as well as those sent on the basis of consent – at any time via the unsubscribe link located in the commercial e-mail or by editing the settings in your user account on the website. For technical reasons, if you use multiple user accounts with different e-mail addresses unsubscribing from commercial e-mails is done separately for each e-mail address.

V.     Storage period of data

  1. The Controller stores
    • data necessary for the conclusion and performance of the contract and data that is processed for the analysis of information on the behavior website visitors: for the duration of the contract
    • data processed on the basis of consent: for a period of 10 years or until the consent is withdrawn
    • data processed for the protection of legal claims: for the duration of the statute of limitations, including the period covering any suspension or interruption thereof, but typically no longer than 16 years after the termination of the contract
    • data processed for the performance of the relevant legal obligations: for the duration of the relevant obligation
  2. If judicial, criminal, administrative, or other similar proceedings are initiated before the expiration of any of the above deadlines, the Controller will process personal data for the duration of such proceedings and for the remainder of the limitation period after their conclusion.
  3. The Controller will delete the personal data after expiration of the storage period.

VI.    Recipients of the personal data

  1. The recipients of the personal data are the following
    • Persons involved in the delivery of the product and the execution of payments
    • Persons providing marketing services
    • Providers of technical infrastructure
  2. The Controller has no intention of transferring the personal data to a third country (non-EU country) or passing it on to an international organization.
  3. In the event that the Controller transfers, in whole or in part, a business or other activity to another person (including the assignment of contracts), then such transfer would include the personal data relating to that activity. For these purposes, information (including personal data) relating to the activities of the Controller may be shared with other parties so that the transaction can be evaluated and concluded.

VII.   Your rights

  1. Under the terms of the GDPR, you have
    • the right to access your personal data pursuant to Article 15 of the GDPR
    • the right to correct personal data pursuant to Article 16 of the GDPR or limitation of processing pursuant to Article 18 of the GDPR
    • the right to deletion of your personal data pursuant to Article 17 of the GDPR
    • the right to object to processing pursuant to Article 21 of the GDPR
    • the right to the portability of data pursuant to Article 20 of the GDPR
    • the right to revoke your consent with processing pursuant to Article 7 of the GDPR
  2. You also have the right to file a complaint with the Office for Personal Data Protection if you believe that your right to personal data protection has been violated.
  3. You can contact us regarding all matters relating to the processing of your personal data, whether it is to make an inquiry, exercise a right, make a complaint, or anything else, at the following contacts:
    • Email: hello@kviff.tv
    • Mailing address: KVIFF.TV, Panská 892/1, Nové Město, 110 00 Praha 1

VIII.   Conditions for personal data security

  1. The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data.
  2. The Controller has taken appropriate technical measures to secure data storage and the storage of personal data in paper form.
  3. The controller declares that only persons authorized by the Controller have access to the personal data.

IX.    Final provisions

  1. The controller reserves the right to amend these policies at any time.
  2. These policies are valid and effective from 1 May 2022.