We are committed to handling your personal information responsibly and to protecting the privacy and security of the personal information that is provided to us or collected by us during the course of our business. With this Data Protection and Privacy Policy (hereinafter referred to as the “Policy”), the AUBE FilmFestival (hereinafter referred to as the “Festival”) wishes to provide the public with information on the nature, scope, and purpose of the data that it collects, uses and processes. In addition, the Festival also wishes to draw your attention to the rights that you have by means of this Policy. Kindly read the Policy of the Festival carefully before using or visiting (the natural person doing so hereinafter referred to as the “User” or the “Data Subject,” unless otherwise specified) the Festival’s services (hereinafter collectively referred to as the “Services”), namely when:
- visiting the Festival’s website (www.aubefilmfestival.ch)
- applying for a Festival accreditation, acquiring a Festival accreditation or a Festival ticket, accepting an invitation to make use of the Services as well as submitting a film for the Festival’s consideration;
- contacting the Festival for recruitment purposes;
- visiting or using any web application or website made accessible by any staff member of the Festival referring to the present Policy;
- providing any information to the Festival via email, phone, mail, or in person when visiting the Festival’s premises or interacting in any manner with the Festival’s staff;
- participating in any Festival event or movie presentation (hereinafter referred to as the “Event” or, collectively, the “Events”);
As a general rule, Data Subjects provide Personal Data (i.e. any information relating to an identified or identifiable natural person; hereinafter referred to as “Personal Data”) to the Festival. If Users provide us with the Personal Data of other persons (family members, work colleagues, staff members, etc.), please make sure that Data Subjects are aware of this Policy. We kindly ask Users to provide us with Data Subjects’ Personal Data only if allowed to do so and under the condition that such Personal Data is correct.
In some cases, however, the Festival might collect Personal Data about Users from a third-party source, such as a government agency, an information or service provider, or from public records.
By continuing to use the Festival’s website or any System referring to this Policy, you consent to the latter’s content.
1. Data Controller
Unless otherwise specified, the controller, i.e., the responsible person (hereinafter referred to as “Data Controller”) of the Personal Data of Services’ Users is:
Verein Tagamunda, Basel
aubefilmfestival.ch
info@aubefilmfestival.ch
2. Policy Statement
The Festival processes Personal Data with great care and only to measure and improve the performance of its Services, thereby being fully committed to ensuring the rights of Data Subjects are granted under the applicable data protection laws. The access and use of the Services are governed by this Policy, which applies to all Users and any other party accessing or using the Services. This Policy also governs the Festival’s collection of Data Subjects’ Personal Data (hereinafter referred to as “Data Collection”).
3. Legal basis
The legal basis for Personal Data Collection is determined by Swiss national laws, namely the Swiss Federal Data Protection Act (hereinafter referred to as “FADP”). Without being legally obliged, the Festival aligned its Policy with the EU General Data Protection Regulation 2016/679 (hereinafter referred to as “GDPR”) as the Services may be provided to Users outside of Switzerland.
4. Types of Personal Data collected
The Personal Data which can be the object of the Data Collection might include:
- email address;
- first and last name;
- phone number;
- biographical information;
- details of Festival participants’ visits to the Festival’s offices, to their presence in the context of the Festival and its events (including participants’ being photographed or recorded during official Festival events);
- Cookies and usage data. Usage data include the IP address, the date and time of the access, the name and URL of the file accessed, the website from which the admission is made (aubefilmfestival.ch), the browser used, the operating system of the computer used and the name of the access provider. The Festival’s use of this data allows a smooth connection setup, comfortable use of the Services, and a comprehensive evaluation of its system’s security and stability. Cookies and similar technologies, the latter often referred to as tracking data, assist in the context of user authentication, remembering Users’ preferences, illustrating how Users use the Services, and managing as well as evaluating the effectiveness of the Festival’s marketing projects. Data Subjects are free to refuse all cookies. In this case, Data Subjects might be unable to use parts of our Services.
5. Use and processing of Personal Data
The Festival will not misuse any Personal Data Users provide when using the Services. In addition to the aforementioned and in light of its (or any third party’s) legitimate interest, the Festival might collect the Personal Data of Users or other third parties for:
- analyzing, developing, and optimizing the Festival’s Services and its products, including behavioral targeting;
- managing the Festival’s business relationship with Users or Users’ organizations, whether in connection with human resources and recruitment purposes, with the sale of goods and services, or with the submission of a movie or any product or service for the Festival’s consideration;
- registration and authentication, as well as displaying content from external platforms and managing contacts or sending messages;
- processing the Festival’s marketing and sponsorship policy, including organizing events and conferences;
- market and opinion research;
- securing the Festival’s business operations, including the Festival’s IT systems and its premises;
- asserting legal claims and elaborating appropriate defense in the context of legal dispute;
- preventing criminal offenses or other misconduct;
- complying with court orders and other mandatory regulatory requirements.
Data Subjects’ unambiguous consent forms the basis of Data Collection, which will be stopped as soon as the purpose of Data Collection ceases to apply; in any case, the Festival will retain Personal Data only for as long as it is necessary for the purposes set out in and connected to this Policy.
If Users have given the Festival their consent to process Personal Data for certain purposes, the Festival will limit the processing of such Personal Data according to such consent.
6. Hosting, retention, and transfer of Personal Data
The Festival has its legal seat in Basel, Switzerland, and Services’ Users’ Data are hosted in an encrypted database.
The Data Controller processes Personal Data properly and takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of such data. As soon as the retention of Personal Data ceases to be necessary for the purposes set out in and connected to this Policy, such data will be canceled.
The Data Collection is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated in this Policy. In addition to the Data Controller, in some cases, the Personal Data might be accessible to external parties (such as third-party technical service providers and platforms, mail carriers, hosting providers, IT companies, and communications agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time by contacting the Festival under the address provided in Art. 1 above.
The Festival is entitled to transfer Personal data for the purposes set out in this Policy to third companies located in Switzerland or abroad. The Festival’s affiliates, agents, and third-party service providers who access Personal Data obtained through the Website must respect the User’s privacy, comply with legal obligations, and adhere to contractual safeguards. When transferring Personal Data internationally, the Festival complies with applicable laws and regulations, for example, by entering into agreements that will ensure that the recipients of the User’s information maintain an adequate level of data protection.
The Festival will not sell User’s Personal Data to any third party.
7. Data Subjects’ rights
By and as far as provided by applicable law (as is the case where the GDPR is applicable), Data Subjects can exercise, under certain circumstances, the following rights concerning their Data:
- Right to access: Data Subjects can request access to their Personal Data and specific information connected to its processing;
- Right to erase and rectify: Data Subjects can request a rectification or the partial or complete erasure of their Data;
- Right to restriction of processing: Data Subjects can request that the Festival restricts the processing of their Data;
- Right to object: Data Subjects can object to the processing of their Data.
Moreover, shall Data Subjects have given the Festival their consent to process their Data for certain purposes, they can revoke such consent at any time.
The Festival might refuse to provide access or might be obliged to retain certain Personal Data in case the relevant statutory restrictions or the Festival’s overriding interests impose such actions. Shall this be the case, the Festival will promptly provide Data Subjects the reasons that led the Festival to make such a decision.
Shall Data Subjects wish to exercise the above-mentioned rights, kindly contact the Festival at the email or postal address provided in Art. 1 above. Please be informed that every Data Subject has the right to enforce its rights in court or to lodge a complaint with the competent data protection authority. Switzerland’s competent data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
8. Links to third-party websites
The Festival’s Services might contain links to third-party websites or services not owned or controlled by the Festival. Therefore, the Festival assumes no responsibility for any third-party website or service’s content, privacy policies, or practices. Data Subjects hereby understand and agree that the Festival shall not be liable – directly or indirectly – for any damage arising from or out of any occurrence in, upon, at, or relating to any such website or service.
9. Enforcement and severability clause
The Festival’s potential failure to enforce any right or provision of this Policy cannot be considered a waiver of such rights. If any provision of this Policy is held to be invalid or unenforceable by a court, the remaining provisions of this Policy will remain in effect.
10. Amendments of this Policy
The Festival retains the right to amend or change this Policy anytime. Changes to this Policy will be published on the Website.