Reykjavík International Film Festival (hereinafter: ‘RIFF’) is committed to protecting your privacy. We are committed to safeguarding your privacy and we therefore handle personal data with care.
In this privacy statement, we want to provide clear and transparent information on what data we collect and how we handle this personal data. We will use the information that we collect about you in accordance with the Icelandic Data Protection Act, including the General Data Protection Regulation which came into effect on May 25, 2018.
As RIFF, we are responsible for the processing of your personal data. If you still have any questions after reading this privacy policy, or wish to contact us about it, you can do so via:
Reykjavík International Film Festival
Tryggvata 17
101 Reykjavík
riff@riff.is
Within the framework of a job application procedure, we process your data because it is necessary in order to assess whether we wish to enter into a contract with you (legal basis: contractual).
When personal data is processed on the basis of consent, you always have the right to withdraw the consent given. You can contact us for this using the contact details at the top of this statement or unsubscribe via the link in our newsletters.
Where we rely on the legal processing ground of our legitimate interests, you always have the right to object to the processing of your data (such as for direct marketing).
Below we clarify which of your data we can process on the basis of your relationship with RIFF. Depending on the situation, we do not process all of the following data about you.
Via your personal myfilmfestival-profile or other:
We may also obtain personal information about you from other sources, such as if a family member or friend contacts us on your behalf. Where this occurs and it is not practical for us to provide you directly with a copy of our privacy policy, we may ask the person who provided us with your information to make this privacy policy available to you.
We can provide the data you give us to our external service providers if this is necessary for the fulfilment of the purposes described above.
For example, we use a third party (external service provider) for:
These external service providers are given access to certain data and information within the context of their assignment. In other words, they only act on our behalf and for our account. They are therefore never permitted to use your data for their own purposes. Moreover, these service providers are contractually bound to guarantee the confidentiality of your data. For this purpose, we have concluded a so-called “processor’s agreement” with these parties.
We share personal data with the following external parties:
As regards the collection of user statistics via analytical cookies and the sending of newsletters via a mailing platform (Campaign Monitor), your personal data may be processed outside the European Economic Area. A transfer will only be made to third countries which have been confirmed by the European Commission as ensuring an adequate level of protection for your data, or when other measures have been taken to ensure the lawful processing of your data in these third countries.
RIFF will not keep your personal data longer than necessary for the purpose for which it was provided. However, retention periods may vary according to the purpose. Conditions for retention or storage laid down by specific legislation (such as in the area of accounting) are always observed by us.
RIFF undertakes not to retain data longer than a maximum of 7 years after the last contact/use (or the termination of the relationship or cooperation), except for personal data that we must retain for longer on the basis of specific legislation or in the event of a longer contractual liability or in the event of a current dispute for which the personal data is still needed.
Some information can be stored indefinitely for historical, statistical or research purposes. As mentioned below, you have the right to ask us to remove your personal data from our databases.
We have taken appropriate technical and organizational measures to protect personal data against unlawful processing:
However, should an incident occur involving your data, you will be notified personally in the circumstances provided for by law.
Below is a list. You can contact us to exercise your rights at the address at the top of this privacy statement, accompanied by a note giving the reasons for your question.
We may ask you to identify yourself before responding to the above requests by attaching a copy of the front of your identity card to your application. In such cases, we strongly recommend that you make your passport photo invisible and indicate that it is a copy in order to prevent possible misuse.
You have the right to inspect and obtain a copy of the personal data relating to you. That way you can keep track of what data we have on you.
You have the right to correct and supplement your data if it is incorrect, no longer correct or incomplete.
You have the right to delete personal data which we have received from you and which is no longer strictly necessary for the purposes for which it was processed.
However, we are not always obliged to delete your data if you ask us to do so. We only need to do so in the cases provided for by the law.
You have the right to restrict data processing. If you object to the processing of certain data, you can ask for this processing to be stopped. In such cases, we will continue to keep your data, but will limit its use. This involves temporary halting of the processing until, for example, there is certainty about its accuracy. We only need to do this in the cases provided for by the law.
You have the right to object to the processing of your data based on our legitimate interests. This should be done on the basis of specific reasons related to your situation. In such cases, we are required to stop processing, unless we have compelling legitimate grounds to continue. However, irrespective of the legal basis on which we rely, you can always object, without giving any reasons, to the use of your data for direct marketing purposes (such as the display of advertisements adapted to your preferences and profile, the sending of newsletters), after which we are obliged to stop the processing for these purposes. You will be given the opportunity to unsubscribe or change your preferences with each email.
You have the right to have the data you have provided to us transferred to you or on your behalf directly to another party in a structured, common and machine-readable form.
No category of persons is subject to any form of automated decision-making based on profiling.
We make every effort to handle your personal data in a careful and legitimate manner and in accordance with the applicable regulations.
If you have a complaint about the processing of your personal data or about the exercise of your rights, please contact us directly at the address at the top of this privacy statement.
If you feel that your rights have been violated and your concerns are not being addressed within our organisation, you are free to file a complaint with the supervisory authority for privacy protection:
RIFF may amend its privacy statement from time to time. We will make an announcement about such an amendment on our website. The amended privacy statement shall apply immediately upon publication.
Most recent amendment: Sept 2021.
