Panavision EU Data Privacy Notice
Effective Date: May 25, 2018.
How we use personal information of individuals in the European Union
This EU Data Privacy Notice applies to Panavision Inc. and its subsidiaries (including Light Iron, Panalux, Lee Filters, Direct Digital, and Island Studios) and explains how and why we use personal data of individuals located in the European Union. This Notice also explains your data privacy rights and how relevant laws protect you. In this Notice, when we talk about personal data, we are referring to any information that relates to you as an identifiable nature person. You should read this Notice so that you understand what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it.
We understand that your privacy is important to you and we are committed to keeping your data safe and private.
Changes to our privacy notice
We may modify or amend this Notice from time to time. When making changes to this Notice, we will amend the revision date at the top of this page. We encourage you to check back regularly to keep informed of updates regarding how we are protecting your information.
Who we are
The Panavision family of companies is a global business made up of a number of different companies. Our companies are among the best-known and most respected companies globally as providers of production and post-production products and services to the entertainment industry. As such, we recognize the importance of maintaining the confidentiality of your private information.
Panavision is a “Data Controller,” which is a legal term adopted under the European Union’s privacy law called the General Data Protection Regulation (or GDPR), meaning that we make decisions regarding how and why we collect and use your personal data. As the “Data Controller,” we are responsible for ensuring that your personal information is only used for the purposes for which it was originally collected and in compliance with all applicable data protection laws.
For any concerns or questions you may regarding this Notice or if you require more details on how we use your personal information, you can contact our Data Protection Officer at dataprivacy@Panavision.com.
How you are protected by the law
Data protection laws require us to have a legal reason to justify the use of your personal information. The law determines the basis on which we collect your information and the purpose for which that information is used.
We are required to have one or more of the following reasons for all processing of your personal information:
- To fulfil a contract we have with you for the provision of products or services, or
- When the processing is necessary for us to comply with our legal obligations, or
- When you have consented to processing, or
- When it is in our legitimate interest.
A legitimate interest applies when we have a business or commercial reason of our own to process your personal information, however, even in these cases our legitimate interest cannot override or unfairly impact your individual interests.
The following section provides examples of the ways we may use your personal information and explains our legal grounds which we rely on to do so.
Processing necessary to fulfil a contract we have with you to establish a new account or provide goods or services:
- Managing your account with us, including responding to your enquires, evaluating new account applications; administering and managing financial accounts and records; preparing sales quotes, invoices, delivery and collection notes; and delivering orders, collecting payments, and updating records
- Sharing personal data with specific third-party service providers including credit card and payment service providers
- Administering and managing rental, leasing and/or purchasing agreements
- Providing specialized post-production services including dailies, digital intermediate, archival and data services for feature film, episodic television and commercial projects.
- Selling photographic expendables and merchandise related to our business.
- Supporting the utilization of Panavision mobile applications
- Managing and liaising with distributors and accredited Panavision resellers
- Paying and liaising with suppliers
- Transacting e-commerce activities, including purchasing and confirmation details
- Performing credit reference checks for new account applications
Processing necessary for us to comply with our legal obligations:
- Complying with all relevant laws and regulations
- Adhering to best practice under government and regulatory bodies including the Information Commissioner’s Office, HMRC and others
- Responding to requests from you to exercise your data subject access rights
- Processing information regarding a crime or offence and support associated proceedings
- Monitoring activities and safeguard your welfare on our premises
- Protecting Panavision, our employees and customers through appropriate legal action against third parties who have committed a criminal act or are in breach of their legal obligations.
Processing based on our legitimate interests:
- Reviewing, testing and improving the performance of our equipment and services
- Ensuring effective governance across all Panavision affiliates
- Sending promotional communications (which are relevant and tailored to your interests) regarding our products and services and/or invitations to corporate events, trade shows, industry forums, and distribution of newsletters, etc.
- Detecting, investigating, reporting, and seeking to prevent financial and other crime.
- Supporting industry forums and promoting collaboration between our customers, industry professionals and interested individuals
- Marketing activities such as research, analysis and invitations to corporate events, industry forums, trade shows, and distribution of newsletters
- Managing and auditing of our business operations including accounting
To protect you as our customer, our premises, assets and business partners from crime, we also operate CCTV security systems in a number of our premises and car parks which record images for security. We do this on the basis of our legitimate business interests.
Processing with your consent
In specific circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required by applicable law to obtain your prior consent in order to send you marketing communications or when you request that we share your personal data with someone else and obtain your consent to that.
Before collecting and/or using any special categories of data (for example, information about your health or criminal record data), we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:
- Your explicit consent;
- The establishment, exercise or defense by us or third party legal claims; or
- Other uses allowed by applicable law including context specific exemptions provided for under local laws of EU Member States and other countries implementing the GDPR.
How and when you can withdraw consent
The majority of what we do with your personal data is not based on your consent and is instead based on other legal grounds discussed above. For processing that is based on your consent, you have the right to revoke that consent for future processing at any time. You can do this by contacting us using the contact details for the data protection officer provided in this Notice. The consequence of withdrawing your consent may be that we cannot send you promotional or marketing material.
What personal data do we collect from you?
The type of personal data that we collect depends on the products and services you receive from us and may include your:
- Name, age/date of birth and gender;
- Contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
- Purchases, orders and rental/leasing agreements made by you;
- On-line browsing activities on Panavision websites;
- Mobile applications utilization
- Communication and marketing preferences;
- Details that are stored in documents in different formats, or copies of them. This could include things like your passport, driving license or other personal identifiers if required for us to comply with our legal and regulatory requirements
- Details on the devices and technology that you use
- Personal data that we obtain from Credit Reference agencies
- Your image which may be recorded on CCTV when you visit our premises, and
- Correspondence and communications with us, including voicemails, emails and text messages.
This list is not exhaustive and we don’t use all this personal data in the same way. Some of it is used for marketing or promotional purposes or for providing services to you and some of the information is sensitive and we use it in a private and ethically responsible way.
What is the source of your personal data?
Data you give us
We typically collect your personal data directly from you and the means of collecting that information includes:
- Information entered when you apply for our products or services, either via our site or via paper application forms
- Face-to-face meetings and telephone calls
- Customer site visits
- Trade shows and industry events
- Emails, letters and other correspondence you have with us
- Details of transactions you carry out with us
- Information we have gathered from asking you to respond or subscribe to our newsletters or collaboration forums
Data from other parties we work with
From time to time we may also receive personal data from trusted third parties.
- Credit reference agencies
- Panavision agencies and resellers
- Fraud prevention agencies
- Freelancers or agents working on our behalf
- Insurance companies
- Government and law enforcement agencies
Data from your use of our services
- Payment and transaction data
- Email addresses and user ids
- We may also collect information derived from cookies, which will include your IP Address, unless you have set your browser not to accept cookies.
- We may collect information about your computer, including where available your IP address, operating system and browser type.
- We may collect mobile application utilization data
What are cookies?
A cookie is a text file which contains small amounts of information that a website may store on your computer, tablet or mobile device, when you visist a website. The information is used by the website to send information to your browser in order to make websites work more efficiently and in certain instances to deliver a more personalized service.
At any point you may wish to block cookies by activating the appropriate settings on your browser which allows you to refuse the setting of cookie. However, this may mean that you might be unable to access certain elements of our sites.
How long do we keep your personal information?
Whenever we collect or process your personal data we will only keep it for as long as is necessary for the purposes for which is was collected. At the end of that retention period your data will be either deleted completely or anonymized so that is no longer identifies you as an individual but can be used by use for reporting and analysis purposes.
Who we may share your personal data with?
On occasions we may share your personal data with another members of the Panavision group.
Contracted Third Parties
We will not disclose your personal information to third parties other than as described in this Notice unless we have your permission or are permitted to do so by law. On occasions we may share your personal data with other members of the Panavision group as necessary to meet the purposes for which the information was originally collected.
Third party contractors and/or vendors engaged by us to provide services may also have access to your personal information. These third parties will be subject to their own data protection requirements providing the same or greater level of security provided by Panavision and in most instances will also have entered into a written agreement with us which addresses the protection of your personal information.
We will disclose your personal data in order to comply with any legal regulations or to enforce or to protect our rights, property or safety of our customer or other persons with which we hold a business relationship. This includes responding to requests from law enforcement agencies, regulators or courts, or to subpoenas, search warrants, or other legal requests or in circumstances where privacy rights are superseded by the risk of harm to an individual.
International Transfers of Information
We are a global organization and may transfer certain personal information across geographical borders and may store information in a jurisdiction other than where you live including outside of the EU.
We will take all appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests, and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
Safeguards include contractual obligations imposed on the recipients of your personal data. Those obligations require the recipient to protect your personal data to the standard required in the EU.
Your EU Rights
If your personal information is processed by a Panavision entity in the EU, then subject to certain exemptions, and dependent on how and why we use it, you have certain rights in relation to your personal information. We have included a list of your individual rights below, however they do not apply in all circumstances.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We are required to do so unless we believe we have a legitimate overriding reason to continue processing your personal data. We may also not always be able to fully comply with your request if, for example, we have a duty of confidentiality to other parties in specific circumstances.
If we choose not to take action on your request we will explain the reasons for our refusal.
The right to be informed – we must be transparent with you about the processing that we do with respect to your personal data. This Notice provides you with the necessary detail regarding how we collect and process your personal data. Your right to be informed may be relevant if you consider it necessary to ask for more information about what we do with your personal data.
You have the right to request access to the personal data held about you, to obtain confirmation that it is being processed, and to obtain certain prescribed information about how we process it; however, your request may be assessed on the basis of ‘reasonableness’ with consideration given to the difficulty, practicality and expense of providing the requested information.
Exercising your right to access your personal information may assist you if you wish to find out what personal data we have about you to then determine if you can exercise other rights (those outlined below).
The right to object applies to processing of your personal data where it is based on legitimate interests and where your data is processed for direct marketing or processed for the purposes of collating statistical information. Your rights to object may be relevant if you wish to find out more about what legitimate interests we rely on, as an example (they are listed in our Notice above).
You are entitled at any time to restrict processing or ‘block’ the use of your personal data in certain circumstances, such as where you believe your personal data is not accurate (until the accuracy can be verified). In processing your request we will consider whether our legitimate interests override your own.
The right to have your personal data erased, also known as the “right to be forgotten” enables you to request the deletion or removal of personal data where there is no compelling reason for its continued use. This right is not absolute and only in particular circumstances where, for example, retaining your personal data is no longer necessary in relation to the purpose for which it was originally collected. Requests for erasure may be refused in some circumstances such as where the personal data must be retained to comply with a legal obligation or to exercise or defend legal claims.
You have the right to request to have your personal data corrected if it is inaccurate and to have incomplete personal data completed in certain circumstances (also known as the right to rectification). Where we have disclosed the personal data in question to other organizations, we must also inform them of the rectification wherever possible.
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services; to move, copy or transfer their personal data easily from one environment to another in a safe and secure way without hindrance to usability. Due to the nature of internal processes, this right has limited applicability within Panavision because it is only relevant where personal data is being processed based on a consent or for performance of a contract which is carried out by automated means. It differs from the right of access described above where typically you are able to obtain more detailed information.
You may exercise your rights in relation to automated decision making in circumstances which have a legal effect or otherwise significantly affects you. This right allows individuals in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken solely without human intervention. In specific instances you have the right to request human intervention and an explanation of the automated decision and you may be able to challenge that decision.
If you reside in the EU and would like to exercise your individual rights, please contact our Data Protection Officer using the details at the beginning of this Notice. We will respond within one month.
In addition you also have the right to complain to the Information Commissioner’s Office (www.ico.org) which regulates the processing of personal data by Panavision.
We will keep you informed of Panavision products, services and events that we believe are of interest unless you inform us you no longer want to receive further information.
If at any time you wish to stop receiving marketing information from Panavision you can notify us by using the opt-out or unsubscribe link attached to all of our marketing emails or contact our Data Protection Officer to exercise your right to stop all forms of marketing (post and email).
It is Panavision’s policy to never knowingly collect or maintain information about anyone under the age of 16.
Links to Other Websites
Any third party websites (other than Panavision-affiliated sites) linked to or from this Website (“Linked Sites”) are independently operated and maintained by such third parties and are not under the control and/or supervision of Panavision. Access and use of any Linked Site shall be subject to the terms and conditions stipulated by the operator of the Linked Sites. We are not responsible for the accuracy or reliability of the information on those sites, even if the link is provided on this website as a convenience. We are not responsible for any loss or damage, however caused, in connection with the use of any Linked Site, and your access to any of the Linked Sites shall be at your own risk. Nothing contained in this Website shall be interpreted as a recommendation and/or endorsement by us of the contents of the Linked Sites and any products and/or services appearing on and/or provided through such Linked Sites.
No portion of this Website, downloadable files, images, or other data may be reproduced in any form, or by any means, without prior written approval of Panavision Inc., or as otherwise provided above.
Copyright © 2018, Panavision International, L.P. – All rights reserved.