Privacy Policy
With this Privacy Policy, we inform you about what personal data we process in connection with our activities as a film production company, including our websites. We particularly inform you about what personal data we process, for what purposes, how and where. We also inform you about the rights of individuals whose data we process.
Additional privacy policies and other legal documents such as General Terms and Conditions (GTC), Data Processing Agreements, or Terms of Participation may apply to individual or additional activities.
1. CONTACT INFORMATION
Controller responsible for the processing of personal data:
Zenka Films GmbH
Steinwiesstr. 31
CH - 8032 Zürich
2. TERMINOLOGY AND LEGAL BASIS
2.1 TERMINOLOGY
Personal data means any information relating to an identified or identifiable natural person. A data subject is a person whose personal data we process.
Processing includes any operation performed on personal data, regardless of the means and procedures used, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying personal data.
2.2 LEGAL BASIS
We process personal data in compliance with Swiss data protection law, particularly the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (DPO).
3. NATURE, SCOPE AND PURPOSE
We process personal data that is necessary to perform our activities permanently, user-friendly, securely, and reliably. Such personal data may particularly fall into the categories of inventory and contact data, browser and device data, content data, metadata, usage data, location data, sales data, and contract and payment data.
We process personal data for the duration necessary for the respective purpose(s) or as legally required. Personal data that is no longer necessary for processing will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are particularly specialized service providers whose services we use. We ensure data protection also with such third parties.
We process personal data only with the consent of the data subject unless the processing is permitted for other legal reasons. Processing without consent may be permitted, for example, to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is apparent from the circumstances, or after prior information.
Within this framework, we particularly process information that a data subject voluntarily transmits to us when contacting us – for example, by postal mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for example, in an address book, in a Customer Relationship Management System (CRM system), or with comparable tools. When we receive data about other persons, the transmitting persons are obligated to ensure data protection for these persons and ensure the accuracy of this personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect while performing our activities, provided and to the extent such processing is legally permitted.
4. JOB APPLICATIONS
We process personal data about job applicants to the extent necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The required personal data is derived particularly from the information requested, for example, as part of a job posting. We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, CVs, and other application documents, as well as online profiles.
5. PERSONAL DATA ABROAD
We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, particularly for processing purposes.
We may disclose personal data to all countries and territories on Earth and elsewhere in the universe, provided that the law there guarantees adequate data protection as determined by the Swiss Federal Council.
We may disclose personal data to countries whose laws do not guarantee adequate data protection, provided that appropriate data protection is ensured through other means. Appropriate data protection may be ensured, for example, through corresponding contractual agreements, based on standard data protection clauses, or with other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We will gladly provide information about any guarantees or provide a copy of guarantees to data subjects upon request.
6. RIGHTS OF DATA SUBJECTS
6.1 DATA PROTECTION CLAIMS
We grant data subjects all claims under applicable data protection law. Data subjects particularly have the following rights:
Access: Data subjects may request information about whether we process personal data about them and, if so, which personal data. Data subjects also receive information necessary to assert their claims under Swiss data protection law. This includes the processed personal data itself. This also includes information about the processing purpose, retention period, any disclosure or export of data to other countries, and the origin of the personal data.
Rectification and Restriction: Data subjects may have inaccurate personal data corrected and the processing of their data restricted.
Erasure and Objection: Data subjects may have personal data erased ("right to be forgotten") and object to the processing of their data.
Data Release and Portability: Data subjects may request the release of personal data or the transfer of their data to another controller.
We may postpone, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects about any requirements to be met for exercising their data protection claims. For example, we may partially or wholly refuse access with reference to trade secrets or the protection of other persons. We may also partially or wholly refuse the deletion of personal data with reference to statutory retention obligations.
We may exceptionally provide for costs for exercising rights. We will inform data subjects in advance about any costs.
We are obligated to identify data subjects who request access or assert other rights with appropriate measures. Data subjects are obligated to cooperate.
6.2 RIGHT TO COMPLAINT AND LEGAL RECOURSE
Data subjects have the right to enforce their data protection claims through legal channels or file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
7. DATA SECURITY
We implement appropriate technical and organizational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website occurs via transport encryption (SSL/TLS, particularly using the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
8. WEBSITE USE
8.1 COOKIES
We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies particularly enable recognizing a browser upon the next visit to our website and thereby measuring our website's reach. However, permanent cookies can also be used for online marketing.
Cookies can be deactivated or deleted completely or partially in the browser settings at any time. Without cookies, our website may no longer be fully available. We actively request – at least if and to the extent necessary – explicit consent to use cookies.
For cookies used for success and reach measurement or advertising, a general objection ("opt-out") is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
8.2 SERVER LOG FILES
For each access to our website, we may collect the following information if transmitted by your browser to our server infrastructure or determinable by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transferred data volume, last webpage accessed in the same browser window (referrer).
We store such information, which may also constitute personal data, in server log files. This information is necessary to provide our website permanently, user-friendly, and reliably, as well as to ensure data security and thus particularly the protection of personal data – also by third parties or with the help of third parties.
8.3 TRACKING PIXELS
We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including from third parties whose services we use – are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can collect the same information as in server log files.
9. NOTIFICATIONS AND COMMUNICATIONS
We send notifications and communications via email and other communication channels such as instant messaging or SMS.
9.1 PERFORMANCE AND REACH MEASUREMENT
Notifications and communications may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels may also record the use of notifications and communications on a personal basis. We need this statistical recording of usage for performance and reach measurement to send notifications and communications effectively and user-friendly as well as permanently, securely, and reliably based on the recipients' needs and reading habits.
9.2 CONSENT AND OBJECTION
You must generally explicitly consent to the use of your email address and other contact addresses unless the use is permitted for other legal reasons. For any consent, we use the "double opt-in" procedure where possible, meaning you receive an email with a web link that you must click to confirm to prevent misuse by unauthorized third parties. We may log such consents including Internet Protocol (IP) address and date and time for evidence and security reasons.
You can generally object to receiving notifications and communications such as newsletters at any time. With such an objection, you can simultaneously object to the statistical recording of usage for performance and reach measurement. Required notifications and communications in connection with our activities remain reserved.
9.3 SERVICE PROVIDERS FOR NOTIFICATIONS AND COMMUNICATIONS
We send notifications and communications using specialized service providers.
We particularly use:
Mailchimp: Communication platform; Provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); Privacy information: Privacy Policy (Intuit) including "Country and Region-Specific Terms", "Mailchimp Privacy FAQ", "Mailchimp and European Data Transfers", "Security", Cookie Policy, "Privacy Rights Requests", "Legal Terms".
10. SOCIAL MEDIA
We are present on social media platforms and other online platforms to communicate with interested persons and inform about our activities. In connection with such platforms, personal data may also be processed outside Switzerland.
The General Terms and Conditions (GTC) and terms of use as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions particularly inform about the rights of data subjects directly towards the respective platform, including the right to access.
11. THIRD-PARTY SERVICES
We use services from specialized third parties to conduct our activities permanently, user-friendly, securely, and reliably. With such services, we can embed functions and content into our website. When embedding such content, the services used necessarily record the Internet Protocol (IP) addresses of users at least temporarily for technical reasons.
For required security-relevant, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities in aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to provide the respective service.
We particularly use:
Google services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General privacy information: "Privacy and Security Principles", Privacy Policy, "Google's commitment to compliance with applicable data protection laws", "Privacy Guide for Google Products", "How we use data from sites or apps where our services are used" (Information from Google), "Types of cookies and other technologies used by Google", "Personalized advertising" (activation/deactivation/settings).
11.1 DIGITAL INFRASTRUCTURE
We use services from specialized third parties to utilize required digital infrastructure in connection with our activities. This includes, for example, hosting and storage services from selected providers.
We particularly use:
Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); Privacy information: Privacy Policy.
11.2 MAPS
We use third-party services to embed maps into our website.
We particularly use:
Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: "How Google uses location information".
11.3 FONTS
We use third-party services to embed selected fonts as well as icons, logos, and symbols into our website.
We particularly use:
Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Privacy and Google Fonts", "Privacy and Data Collection".
11.4 ADVERTISING
We use the possibility to display targeted advertising for our activities with third parties such as social media platforms and search engines.
With such advertising, we particularly want to reach persons who are already interested in our activities or could be interested in them (remarketing and targeting). For this, we may transmit corresponding – possibly also personal – information to third parties who enable such advertising. We can also determine whether our advertising is successful, meaning particularly whether it leads to visits to our website (conversion tracking).
Third parties where we advertise and where you as a user are logged in may possibly associate the use of our online offering with your profile there.
We particularly use:
Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on search queries, among other things, whereby various domain names – particularly doubleclick.net, googleadservices.com, and googlesyndication.com – are used for Google Ads, "Advertising" (Google), "Why am I seeing a particular ad?".
12. PERFORMANCE AND REACH MEASUREMENT
We use services and programs to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities as well as the effect of third-party links to our website. However, we can also try out and compare how different versions of our online offering or parts of our online offering are used ("A/B test" method). Based on the results of performance and reach measurement, we can particularly fix errors, strengthen popular content, or make improvements to our online offering.
When using services and programs for performance and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through corresponding pseudonymization and thus improve user data protection.
When using services and programs for performance and reach measurement, cookies may be used and user profiles created. User profiles include, for example, the pages visited or content viewed on our website, information about the size of screen or browser window, and the – at least approximate – location. In principle, user profiles are created exclusively pseudonymized. We do not use user profiles to identify individual users. Individual third-party services where users are logged in may possibly associate the use of our online offering with the user account or user profile with the respective service.
We particularly use:
Google Analytics: Performance and reach measurement; Provider: Google; Google Analytics-specific information: Measurement also across different browsers and devices (Cross-Device Tracking) and with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transferred completely to Google in the USA, "Privacy", "Browser Add-on to deactivate Google Analytics".
13. FINAL PROVISIONS
We may adapt and supplement this Privacy Policy at any time. We will inform about such adaptations and supplements in an appropriate form, particularly by publishing the current Privacy Policy on our website.