PRIVACY NOTICE
Target of this Privacy Notice
The current website “midnightvfx.com” (hereinafter “the website”) is owned by the company under the trade name “MIDNIGHT VFX” (hereinafter “the Company” or “We”). With respect to the privacy of the users of the website (hereinafter “the Users” or “You”), collecting and processing your personal data with safety and keeping them secure is of utmost importance for our Company.
The Company, as the Data Controller wishes through the current notice to inform you as Data Subjects, about the collection and processing of your personal data in the context of your using the website, according to the applicable European and national data protection legislation, especially the General Data Protection Regulation (ΕU) 2016/679, the Greek Laws 4624/2019 and 3471/2006 as applicable.
Definitions
• “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• “Personal data of special categories” means any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or
trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available alignment or combination, restriction, erasure or destruction;
• “Anonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject;
• “Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal
data are not attributed to an identified or identifiable natural person;
• “Data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; For the purposes of the current notice, the Company acts as the Data Controller.
• “Dara Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
• “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
• “Data Protection Legislation” means any applicable legislation protecting the personal data of natural persons, including in particular the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”), the Greek Laws 4624/2019 and 3471/2006, as well as any other applicable national legislation, including where applicable, statutes, decisions, guidelines, guidance notes, codes of practice, codes of conduct and data protection certification mechanisms issued from time to time by courts, any supervisory authority and other applicable authorities.
Purpose of processing and legal basis
In the context of browsing and using the website, the following personal data are collected and processed:
Personal Data
Purpose of Processing Legal Basis
Communication
Recruitment
Collection and further processing of Personal Data of Minors
Generally, the Company does not collect and further process personal data of minors (i.e. people under the age of 18 years old). However, since it is not possible to verify the true age of the users of the website, it is highly advisable that the parents and legal guardians of minors contact the Company in case they notice any unauthorized sharing of personal data of minors under their responsibility, in order to exercise their personal data rights, such as the deletion of the minors’ personal data. In case the Company realizes that has collected minor’ s personal data, it will promptly delete them.
Recipients
The personal information the Users provide us with is kept securely and is safeguarded. In the context and for the purposes of the operation and use of the website, the Company may transfer any from the abovementioned personal data to any third parties, to which may have assigned any personal data processing to be performed on its behalf (eg. Companies offering services for the operation of the website).
[LIST OF RECIPIENTS]Any third parties to which personal data are transferred, bear contractual obligations before the Company (eg. with data processing agreement, non-disclosure agreement etc.) to comply with all their obligations arising from the Data Protection Legislation respecting the data subjects’ rights.
Furthermore, the personal data of the Users may be transferred to the police or/and any competent public authorities etc. for the compliance of the Company with its legal obligations pursuant to the applicable legislation.
International Data Transfers
The Company does not transfer Users’ personal data to any third countries [(i.e. countries outside the European Economic Area (EEA)]. In case that an international data transfer shall take place for one of the abovementioned purposes, the Company prior to the said transfer, assures that one of the legal basis previewed by the Article 6 of the GDPR exists and that :
a. The Commission has decided that the third country ensures an adequate level of protection. (Article 45 GDPR), or
b. Appropriate safeguards are provided for the security of the personal data transferred and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. (Article 46 GDPR), or
c. For non repetitive processing activities, the transfer shall take place only on one of the conditions of Article 49 GDPR.
Otherwise, the international transfer is prohibited thus the Company will not perform it unless one of the special conditions under GDPR exists (eg. User’s explicit prior consent after their proper information on the risks arising from the transfer, the transfer is necessary for the performance of the contract upon user’s relevant request, the task shall be carried out in the public interest or for the establishment, exercise or defence of legal claims or user’s vital interests etc).
Data Retention Period
Users’ personal data are collected and further processed for a determined and specific period of time, which is strictly necessary for the performance of the purpose of processing. Upon the expiration of this period, the personal data are properly deleted from our databases.
When the processing is performed under a special legal obligation, users’ personal data are kept for as long as it is previewed by the relevant legal provision.
Users’ personal data collected and further processed for the performance of a contract, are kept for as long as it is necessary for the said performance as well as for the establishment, exercise or defence of legal claims that may arise from the contract.
In regard with the personal data collected and processed under the data subject’s specific consent, they are kept until the data subject withdraws the relevant consent unless the Company is obliged to retain them for the performance of its legal obligations.
Personal Data Breach
In case that a personal data breach takes place, the Company has adopted and follows a specific Personal Data Breach Handling Procedure. In case you notice anything that may be or cause a personal data breach, please inform us as soon as possible accordingly at the email address …………
Personal Data Security
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing performed, the Company has implemented and keeps updated all the necessary technical and organisational measures for the security of the personal data processed and the data subjects’ rights. Although, no method of personal data processing via Internet or electronic storage can be absolutely safe, the Company has in place several digital security measures (eg. Antivirus, end-to-end encryption) pursuant to the applicable Data Protection Legislation.
Personal Data Rights
The Company commits itself to users’ privacy. We take care so that handle properly with all data subjects’ requests concerning the exercise of their rights under the Data Protection Legislation.
Especially, every data subject has the following rights:
a. Right to Information and Access to the personal data processed by the Company. Every data subject has the right to ask to be informed and receive a copy of the personal data processed by the Company so that they be able to check the lawfulness of their processing.
b. Right to Rectification of the personal data processed by the Company. Every data subject has the right to ask for the rectification of any inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
c. Right to Erasure of the personal data processed by the Company. Every data subject has the right to ask for the erasure of their personal data since they are no longer necessary in relation to the purposes for which they were collected or otherwise
processed and there is no legal provision requiring their further retention.
d. Right to Restriction of processing of the personal data processed by the Company.
e. Right to Data Portability of the personal data processed by the Company. Every data subject has the right to receive the personal data concerning them, which they have
provided to the Company, in a structured, commonly used and machine-readable format.
f. Right to Objection to the processing of their personal data by the Company if such processing is performed for the purposes of the legitimate interests pursued by the Company.
g. Right to Withdraw your consent at any time, bearing in mind that such withdrawal does not affect the lawfulness of the processing before the withdrawal.
In case that any data subject exercises any of the abovementioned rights, the Company shall without undue delay handle with it [at any case within thirty (30) calendar days from the receipt of the request and the proper identification of the data subject] informing the data subject in written for the progress of the request. That period may be extended by two
further months where necessary, taking into account the complexity and number of the requests. The Company shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.
In case any user thinks that we have not responded to their request properly, they can always refer to the Hellenic Data Protection Authority at www.dpa.gr.
Contact Person for Privacy Matters
For the exercise of all the abovementioned rights as well as for any questions regarding personal data processing by the Company, you can always contact us at the e-mail address ………….
Update
The current Privacy Notice may be updated from time to time for the Company’s compliance with the applicable Data Protection Legislation as well as for the amelioration and update of the services offered through the website. Therefore, we suggest that before using the website, you refer to the current Privacy Notice so that you read its latest version.
Update: October 2023