Privacy & Disclaimer

Reykjavík International Film Festival (hereinafter: ‘RIFF’) is committed to protecting your privacy. We are committed to safeguarding your privacy and we therefore handle personal data with care.

In this privacy statement, we want to provide clear and transparent information on what data we collect and how we handle this personal data. We will use the information that we collect about you in accordance with the Icelandic Data Protection Act, including the General Data Protection Regulation which came into effect on May 25, 2018.

Controller

As RIFF, we are responsible for the processing of your personal data. If you still have any questions after reading this privacy policy, or wish to contact us about it, you can do so via:

Reykjavík International Film Festival
Tryggvata 17
101 Reykjavík
riff@riff.is

To provide our services and to offer you the best service

The delivery and invoicing of services requested by you: ticket purchases, donations, memberships, any inquiries and attendance at certain events (performance or conclusion of a contract). For example, if you purchased a ticket from us or participated in a competition, we will use your data to provide you with the ticket or prize.
To provide information to professionals and the press on the activities of RIFF (legitimate interest) and their application for accreditation (consent);
General customer management including order follow-up, invoicing, payment and accounting processing (contract performance);
Processing of and follow-up on complaints and returns (contract performance)

To inform you about our products, services and activities

We may use your information to inform you about existing and new products, services, special promotions, workshops, events, screenings, concerts, webshop offers, pre-sale dates, webinars, training sessions, job vacancies, and other matters, to engage in direct marketing so that we can inform you about matters which we think may be of interest to you. Occasionally, we may include in this communication information from partner organizations or organisations that support us. This can take place in writing, electronically or by telephone. This processing is based on legitimate interests for existing customers, and on your explicit prior consent if you are not yet a customer of RIFF (insofar as such consent is required).
We can also analyze your browsing and reading behavior and create content for our websites or newsletters that suits your needs. We do this by recording your visits to and activities on our website, such as viewing pages or clicking on links. This also allows us to give you easier access to the information you are looking for (legal basis of consent).
We may use your personal data to tailor our communications to your preferences and/or to provide you with a specific invitation to our events (legal basis: legitimate interest).
In social media campaigns, RIFF sometimes uses specific target groups (e.g. Facebook Custom Audience) to show advertisements in your timeline that are specifically tailored to your interests. These target groups are created within the social media platform or by uploading encrypted email addresses and deduplicating them with users within the platform. In this way RIFF can opt to approach its visitors in a targeted manner, or not, within a social media campaign. This use of your data is based on our legitimate interests. If you do not wish us to do so, please let us know at the above email address. You can also set and manage your advertising preferences extensively via Facebook settings.

To promote our services

RIFF records film, photo and audio material that can be used for informative and promotional purposes on its website, social media accounts and other media based on legitimate interest when it would not be necessary, desirable or feasible to obtain your specific consent. For example, we may ask specific permission for conspicuous or impactful use of photo material, but usually not for group shots, background visibility or internal use.

To evaluate and improve our services

We may collect information about how you use our services (such as our website) to analyse our customer base and improve our processes (legitimate interest).
We also use your data to analyse and improve the use and general functioning of our services (for example, to better understand your interests, to conduct research on potential visitors) and for statistical purposes (legitimate interest). Management of disputes and legal proceedings, recovery or assignment of debt and protection of our rights in general (legitimate interest);
Combating possible fraud and abuse (legitimate interest).

To select new employees and ream members

Within the framework of a job application procedure, we process your data because it is necessary in order to assess whether we wish to enter into a contract with you (legal basis: contractual).
When personal data is processed on the basis of consent, you always have the right to withdraw the consent given. You can contact us for this using the contact details at the top of this statement or unsubscribe via the link in our newsletters.
Where we rely on the legal processing ground of our legitimate interests, you always have the right to object to the processing of your data (such as for direct marketing).

What information do we collect?

Below we clarify which of your data we can process on the basis of your relationship with RIFF. Depending on the situation, we do not process all of the following data about you.

Visitors and users of our website

Device data (electronic identification data): such as IP address, brand and type, location data, demographic data, operating system, browser type, browser usage, device name, log-in data of your (mobile) device;
Data about your use of the website (log file data): details of website visits (date and time of your online visit), including how you get to the website, connection times, the web pages visited (opened), mouse clicks, browsing behavior (the way you navigate the web pages visited), use of social media.
Personal details you fill out in your personal my film festival-profile: name, email, and optional: gender, postal address, telephone number, preferences (receive festival guide(s), newsletters).

Customers, potential customers and business partners

Identifying information: Surname and first name
Private contact details: postal address (street, number, postcode, town, country), email address, telephone number(s)
Personal details: date of birth, gender, marital status, nationality
Special access needs: for example, if you have a disability that requires wheelchair accessibility, audio description, looping or other facilities
Financial data and details: bank account number, IBAN number, card numbers, payment codes, payment behaviour
Transaction history (the interactions with RIFF): history of ticket sales, subscriptions purchased, donations, memberships, any questions or complaints, attendance at certain events, …
Contact history: sent and received communication with you (for example via email, via the contact form on our website, via WhatsApp or Facebook Messenger)
Images: photographs, videos and recordings that we use for promotional purposes.
For some subscription packages, we use personal access passes with a photo.
Other personal background information that you provide to us, for example when you share your story with us (through interviews, surveys, etc.) or otherwise communicate with us.

Accredited persons (press, professionals, etc...)

Identifying information: Surname and first name.
Private contact data: postal address (street, number, postcode, town, country), email address, telephone number(s).
Language preference.
Company contact details: name, postal address, professional email address, company telephone number, position within the organisation.
Image material: for the production of personal access passes with a photo.

Prospects, interested parties, useful contacts within our sector, network contacts and expert contacts.

Identifying information: Surname and first name.
Private contact data: postal address (street, number, postcode, town, country), email address, telephone number(s).
Company contact details: name, postal address, professional email address, company telephone number, position within the organization.

Prospective employees

Identifying information: Surname and first name.
Contact details: postal address, email address, telephone number, position.
Personal characteristics: including age, sex, date of birth, place of birth, marital status, nationality.
Contact history: sent and received communications with you.
Work-related data: including curriculum vitae, training courses, certificates and lists of marks, language skills, professional career, publications.
Personality profile: including hobbies, social activities, personality.
Evaluation data.
Images and portfolio: including photographs, graphics or video footage that you would provide in the context of your application.
Contact details of your references, if any.

How do we collect your information?

Information obtained directly through you

Via your personal myfilmfestival-profile or other:

When you sign up for one of our events
When you sign up for our newsletter
When you participate in a competition
When you submit a film, score or other artistic work for the festival
When you buy a ticket
When you make a purchase from our shop
When you update your preferences on our website
When you apply for a job
When you register with us as a professional or as press (e.g. an accreditation, industry packages, World Soundtrack Awards membership)
When you cast your vote
When you communicate with us in any other way

Data you provide us with indirectly

It is also possible that photographs are taken or films recorded during activities, workshops and/or events. You always have the opportunity to inform the photographer that you do not wish to be photographed.
We keep a record of the emails and newsletters we send you, and we may track whether you receive or open them, so we can make sure we are sending you the most relevant information.

Data we collect automatically

We automatically collect data through cookies and similar technology when you use, access or interact with our website. Through these cookies, pixel tags, web beacons or plugins RIFF can use certain collected data to display or have displayed targeted advertising messages on its website, third-party sites or social media.

Information obtained from other sources:

We may also obtain personal information about you from other sources, such as if a family member or friend contacts us on your behalf. Where this occurs and it is not practical for us to provide you directly with a copy of our privacy policy, we may ask the person who provided us with your information to make this privacy policy available to you.

Through a third party (partners) which processes personal data for us

Your information may be shared with us by our ticketing software, but only if you have indicated that you give your consent to hear from us.
When we organize an event as a co-production with one (or more) third parties, personal data can be shared in the context of the practical organization of the event.

Via social media

- We use social media to broadcast messages and updates about events and news. We may reply to comments or questions you make to us on social media platforms. You may also see adverts from us on social media that are tailored to your interests. See our cookie policy above for further information.
- Depending on your settings and the privacy policies used by social media and messaging services like Facebook, LinkedIn or Twitter, we may receive non-personally-identifying demographic or analytical information from these services that enable us to better understand the reach and effectiveness of our advertising.

Through publicly available information

Information available publicly
This may include information found on publicly available websites, your biography on your work website or information that has been published in articles/ newspapers. We can use the contact information found in online (and publicly available) directories in case of emergencies, but will never store this information or use it for marketing purposes.
Professionally used contact information found in a public source, such as the contact page of your organization’s website, can be used to provide information about certain activities (only if there is a clear connection and/or possible collaboration between the organization and RIFF’s aforementioned activities). You can ask us not to receive these emails at any time.
If we receive personal data from third parties, we always ask for confirmation that the organization has obtained the data lawfully, has the right to use the data and has the consent of the person concerned to use the data for the desired purpose.

With which third parties can we share your data?

With third parties – processors

We can provide the data you give us to our external service providers if this is necessary for the fulfilment of the purposes described above.

For example, we use a third party (external service provider) for:

Taking care of IT infrastructure (including IT network, servers, etc.), i.e. Yaska
Storing and processing digital data (and files) in the Cloud (via the hosting service for Customer Relationship Management (CRM), planning and data storage), i.e. Fiona.
Taking care of the internet environment and the management of our website, namely Combell for web hosting/mail hosting, and Glue as web builder and designer which also takes care of the processing of data entered on our website.
Analysing the way you navigate our website (if you have given permission for the use of analytical cookies).
Providing and distributing newsletters/information brochures/invitations through a mailing platform, i.e. Campaign Monitor. Film Fest Ghent uses Campaign Monitor to send newsletters to its visitors.
Ticket sales: ticket sales are conducted via the Ticketmatic ticketing system. Ticketmatic does not use your data in any way and only processes it on our behalf.
Execution of payment transactions. Online payments are processed via payment partner Mollie. RIFF itself does not have access to your bank account number or credit card number, but this data may be processed in the event of a refund for which you contact us.
The webshop: the online shop of RIFF is hosted on the e-commerce platform Shopify.
PwC oversees the World Soundtrack Awards voting process in order to detect voting fraud as an external partner of RIFF. For more information on how they handle personal data, read their privacy policy.
Organising certain events, in cooperation with an external organisation that assists us in the organisation of the event (such as Vooruit).
Taking care of the (financial) administration and social secretariat.
Delivery of mail and other shipments (through postal, transport and delivery companies.
Legal advice and support.
Compliance with laws and/or regulations.
Conducting surveys.

These external service providers are given access to certain data and information within the context of their assignment. In other words, they only act on our behalf and for our account. They are therefore never permitted to use your data for their own purposes. Moreover, these service providers are contractually bound to guarantee the confidentiality of your data. For this purpose, we have concluded a so-called “processor’s agreement” with these parties.

With third parties – recipients

We share personal data with the following external parties:

Partners: in the context of specific collaborations with certain partners, we may need to share data with those partners (for example, workshops/events developed by two or more organisations and for which lists of participants are exchanged); If you have participated in a competition in which you have won prizes from a third party and these prizes need to be delivered to you. We will always inform you in time so that it is clear to you that your data is being shared. Of course, we make the necessary arrangements with these parties to guarantee the security and confidentiality of your personal data and to ensure that they are only used for the purpose for which they were collected and only for as long as necessary within the cooperation.
Organisations for which we organise ticket sales: when you buy a ticket from our webshop for an event organised by another organisation, your name, contact details and the number of tickets you bought will be shared with the organiser.
Government and authorities: we transfer your data to the government and authorities if this is required and permitted by law (such as tax administrations, social security agencies, subsidising authorities, police, etc.).
Social media providers: Our website contains references (links) to social networking sites such as Facebook, Twitter or Instagram. Using the specific buttons, you can share information on those platforms. The buttons that link to these social network sites are realised and managed by the social media themselves. These social media sometimes also place cookies on your (mobile) device in the process. In other words, we do not have full control over the uses to which those companies put such buttons. We therefore recommend that you also read the terms of use and cookie and privacy policies of the social networking sites.

As regards the collection of user statistics via analytical cookies and the sending of newsletters via a mailing platform (Campaign Monitor), your personal data may be processed outside the European Economic Area. A transfer will only be made to third countries which have been confirmed by the European Commission as ensuring an adequate level of protection for your data, or when other measures have been taken to ensure the lawful processing of your data in these third countries.

How long do we keep your data?

RIFF will not keep your personal data longer than necessary for the purpose for which it was provided. However, retention periods may vary according to the purpose. Conditions for retention or storage laid down by specific legislation (such as in the area of accounting) are always observed by us.

What is the maximum retention period?

RIFF undertakes not to retain data longer than a maximum of 7 years after the last contact/use (or the termination of the relationship or cooperation), except for personal data that we must retain for longer on the basis of specific legislation or in the event of a longer contractual liability or in the event of a current dispute for which the personal data is still needed.

Some information can be stored indefinitely for historical, statistical or research purposes. As mentioned below, you have the right to ask us to remove your personal data from our databases.

How we keep your details safe and secure

We have taken appropriate technical and organizational measures to protect personal data against unlawful processing:

How is data security monitored within RIFF?

All persons and organisations that can access your data on behalf of RIFF are obliged to maintain confidentiality in respect of such data
We have an internally documented password policy and control access on all our systems
We test and evaluate our measures regularly
Our employees have been informed about the importance of the protection of personal data. These employees and partners are granted access to your data to the extent that they need this information to properly perform their tasks (for example for the Ticketmatic system).

However, should an incident occur involving your data, you will be notified personally in the circumstances provided for by law.

What rights do you have regarding your data?

Below is a list. You can contact us to exercise your rights at the address at the top of this privacy statement, accompanied by a note giving the reasons for your question.

We may ask you to identify yourself before responding to the above requests by attaching a copy of the front of your identity card to your application. In such cases, we strongly recommend that you make your passport photo invisible and indicate that it is a copy in order to prevent possible misuse.

Inspection and copy

You have the right to inspect and obtain a copy of the personal data relating to you. That way you can keep track of what data we have on you.

Correction and supplement

You have the right to correct and supplement your data if it is incorrect, no longer correct or incomplete.

Deleting data

You have the right to delete personal data which we have received from you and which is no longer strictly necessary for the purposes for which it was processed.

However, we are not always obliged to delete your data if you ask us to do so. We only need to do so in the cases provided for by the law.

Right to object

You have the right to restrict data processing. If you object to the processing of certain data, you can ask for this processing to be stopped. In such cases, we will continue to keep your data, but will limit its use. This involves temporary halting of the processing until, for example, there is certainty about its accuracy. We only need to do this in the cases provided for by the law.

You have the right to object to the processing of your data based on our legitimate interests. This should be done on the basis of specific reasons related to your situation. In such cases, we are required to stop processing, unless we have compelling legitimate grounds to continue. However, irrespective of the legal basis on which we rely, you can always object, without giving any reasons, to the use of your data for direct marketing purposes (such as the display of advertisements adapted to your preferences and profile, the sending of newsletters), after which we are obliged to stop the processing for these purposes. You will be given the opportunity to unsubscribe or change your preferences with each email.

Transfer of data

You have the right to have the data you have provided to us transferred to you or on your behalf directly to another party in a structured, common and machine-readable form.

No category of persons is subject to any form of automated decision-making based on profiling.

Where can you submit any complaints?

We make every effort to handle your personal data in a careful and legitimate manner and in accordance with the applicable regulations.

If you have a complaint about the processing of your personal data or about the exercise of your rights, please contact us directly at the address at the top of this privacy statement.

If you feel that your rights have been violated and your concerns are not being addressed within our organisation, you are free to file a complaint with the supervisory authority for privacy protection:

Reykjavík International Film Festival
Tryggvagata, 17, 101, Reykjavík
production@riff.is

When was this privacy statement most recently amended?

RIFF may amend its privacy statement from time to time. We will make an announcement about such an amendment on our website. The amended privacy statement shall apply immediately upon publication.

Most recent amendment: Sept 2021.