Last Updated: September 18, 2019
- The Motion Picture Association, Inc. (the “MPA”) or its other affiliates and subsidiaries; or
- Websites or mobile apps operated by MPA EMEA which have separate privacy policies or notices that do not reference this Policy.
PERSONAL DATA WE PROCESS
We obtain personal data about you in various ways. In this section, we explain the personal data we process.
Note that where we specifically ask you to provide us with your personal data, we will indicate whether providing the personal data is a statutory or contractual requirement, or a requirement necessary to enter into an agreement with us, as well as whether you are obliged to provide the personal data and what the possible consequences are if you fail to provide it.
Content protection investigation (“Content Protection Data”)
We obtain and share certain personal data to detect, investigate and deter the unauthorized copying, viewing, use, distribution and sale of protected and copyrighted content (e.g., motion pictures and TV shows).
For these purposes, we obtain personal data from third-party information services companies, the Internet (including social media sites), public registers, law enforcement authorities and others.
- Name including nickname/alias;
- Personal characteristics (such as age, gender, marital status);
- Family composition;
- Email address(es);
- Physical address(es);
- IP address(es) or other identification numbers;
- Bank account details;
- Paypal account details;
- Details of suspected infringement of copyright and other protections;
- Social media accounts;
- Employment information (including position or function);
- Phone number(s);
- Education and training;
- Old email and physical address(es);
- Web domains registered by the individual;
- Automobile/motorcycle registration and license plate; and
- Litigation that has been submitted to courts and tribunals as well as to administrative judicial bodies.
We also, to the extent permitted by applicable law, collect personal data about any suspected or actual criminal activity that we are investigating (such as criminal copyright infringement). We can process such personal data pursuant to the 2018 Belgian Data Protection Act.
We may collect other categories of personal data, depending on the case.
Personal data we obtain by automated means (“Site Data”)
We record the following personal data:
- your device type;
- your operating system type;
- your browser type, domain, and other system settings (such as the language your system uses);
- the country and time zone where your device is located;
- the address of the web page that referred you to our Site;
- the IP address of the device you use to connect to our Site; and
- your interaction with the Site, such as which pages you visit.
Our Site is not designed to respond to “do not track” signals from browsers.
HOW WE USE THE PERSONAL DATA WE OBTAIN
We use the personal data described above to:
- protect against, identify and prevent fraud, copyright infringement, unauthorized use, streaming and distribution of protected content and other criminal activity, and, if appropriate, file legal claims;
- for the purposes of operating our Site, such as for (i) customizing our users’ visits to our Site, (ii) delivering content tailored to our users’ interests and the manner in which our users browse our Site, and (iii) managing our Site and other aspects of our business.
We also use the personal data in other ways for which we provide specific notice at the time of collection.
WHO WE SHARE PERSONAL DATA WITH
We share your personal data with the following organizations:
Affiliates and subsidiaries
We share your personal data with our affiliates and subsidiaries. In particular we may share your personal data with:
- Motion Picture Association – America Latina
- Motion Picture Association – Canada
- Motion Picture Association’s offices located in Mexico, Hong Kong and Singapore.
- Motion Picture Association, Inc.
We share Content Protection Data with these affiliates and subsidiaries where appropriate in order to detect, investigate and deter the unauthorized copying, viewing, use, distribution and sale of protected and copyrighted content (e.g., motion pictures and TV shows).
We also share personal data with service providers who perform services on our behalf and under our instructions. We do not authorize these service providers to use or disclose the personal data except as necessary to perform services on our behalf or to comply with legal requirements. Examples of these service providers include:
- Online intermediaries – As part of our outreach during investigations, the MPA may communicate IP addresses with various intermediaries including hosting providers, registrars, registries, and ad networks. In addition, the MPA may also communicate user IDs with payment processors and online marketplaces while conducting outreach.
- Content Protection Organizations (“CPOs”) – We engage local CPOs to advise us on our content protection activities and to assist us in pursuing enforcement action. In order for those CPOs to assist and advise us, we may share with them the personal data which we collect in the course of our content protection activities.
- Law firms – We engage law firms to advise us on our content protection activities and to assist us in pursuing enforcement action. In order for those firms to assist and advise us, we may share with them the personal data which we collect in the course of our content protection activities.
- Providers of office services – e.g.:
- E-mail services, online hosted office products (such as Microsoft Word, Excel and Powerpoint), and other cloud-based services (such as Microsoft SharePoint and Teams).
- Online storage services.
Personal data collected through third-party plug-ins and widgets on the Site (such as information relating to your use of a social media sharing tool) are collected directly by the providers of the plug-ins and widgets. These personal data are subject to the privacy policies of the providers of the plug-ins and widgets, and the MPA EMEA is not responsible for those providers’ personal data practices.
Motion Picture Studios and ACE Members
In addition, we share personal data with the six motion picture studios that are members of the MPA, and their affiliates, as well as members of the Alliance for Creativity and Entertainment (“ACE”):
- Walt Disney Studios Motion Pictures
- Paramount Pictures Corporation
- Sony Pictures Entertainment Inc.
- Universal City Studios LLC
- Warner Bros. Entertainment Inc.
- Amazon Studios LLC
- Netflix Studios, LLC
We transfer relevant personal data to relevant Motion Picture Studios and ACE members in connection with our content protection activities (see the section above entitled “Personal data we process”), in order to allow them to investigate such content protection issues and take appropriate legal action.
Other recipients of your personal data (including law enforcement authorities)
We also share personal data about you:
- i. if we are required to do so by law or legal process;
- ii. to law enforcement authorities or other government entities based on a lawful disclosure request;
- iii. when we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity; and
- iv. in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation). In those cases, we reserve the right to transfer personal data we have about you.
Members of the IPTV taskforce
The IPTV Taskforce discusses strategy and shares information (mostly of a non-personal nature) between its members in order to carry out content protection activities as far as they concern certain Internet Protocol Television services.
THE LEGAL BASIS WHICH WE RELY UPON
The MPA EMEA only processes your personal data:
- i. if you have consented to such processing;
- ii. to the extent that it is necessary for the performance of your agreement with us or in order to take steps at your request prior to entering into an agreement with us;
- iii. to the extent that it is necessary to comply with our legal obligations; or
- iv. to the extent that it is necessary for the purposes of our legitimate interests in protecting against, identifying and preventing fraud, copyright infringement, unauthorized use and distribution of protected content and other criminal activity.We have carefully balanced our legitimate interests against your data protection rights. The processing of personal data for the purposes of preventing fraud and other criminal activity is typically considered a legitimate interest under the GDPR.
YOUR RIGHTS AND CHOICES
You have a number of rights over the personal data which we process about you.
One key right is the right to object, at any time, to the processing of your personal data which is based on the MPA EMEA’s legitimate interests. Where we process your personal data for direct marketing purposes, you have the right to object at any time to such processing, including for profiling purposes to the extent that it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
You also have the right to request access to the personal data that we process about you, to have your personal data corrected or erased, to restrict the processing of your personal data, as well as the right to data portability. In each case we will apply your preferences going forward.
Where we have obtained your consent for the processing of your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that has happened based on your consent prior to the withdrawal.
To exercise these rights or withdraw consent, you should submit a written request using the contact details set out below in the “How To Contact Us” section, below.
PERSONAL DATA TRANSFERS
In some cases we transfer the personal data we collect about you outside of the European Economic Area (“EEA”). We transfer personal data to our affiliates and subsidiaries in the following countries:
- Hong Kong
- The United States
However, we may also transfer personal data to other countries where we are carrying out ‘content protection’ activities. The countries which we transfer personal data to will depend on where the particular infringer(s) reside and the country where we need to take action.
Those countries may not offer the same level of protection as the countries within the EEA, and so we will ensure that appropriate transfer mechanisms are in place as required by law, or the country where the relevant IPTV Taskforce member is located.
In some cases, your personal data is transferred to (or accessed from) countries for which the European Commission has issued an Adequacy Decision under Article 45 of the GDPR. This is the case for transfers of personal data to Canada.
In other cases, we will implement appropriate safeguards to ensure that your personal data remains protected. This may include data transfer agreements, including standard contractual clauses (as permitted under Article 46.2 of the GDPR). You can obtain a copy of these by contacting us using the contact details in the “How to contact us” section below.
HOW WE PROTECT PERSONAL DATA
We maintain administrative, technical and physical safeguards designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
HOW LONG WE KEEP PERSONAL DATA FOR
In general we will store your personal data as long as the personal data are necessary to fulfil the purposes for which we collected it:
- Content Protection Data – We store investigation-related personal data in a form that permits identification of individuals as long as it is necessary for purposes of the anti-piracy outreach and investigations that we conduct on behalf of the studio companies. On average, the personal data is deleted or anonymized 5 years after it was collected, to avoid that the same individuals would be re-investigated unnecessarily – particularly if those individuals have been cleared from any involvement in potential infringement cases.
- Site Data – Site data is stored no longer than 1 year after it was collected.
In exceptional cases (e.g., in pending litigation matters) this personal data may need to be kept for longer periods of time.
LINKS TO OTHER WEBSITES AND APPS
Our Site provides links to other websites and apps for your convenience and information. These websites and apps may operate independently from us. Linked sites and apps usually have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content, any use of the websites or apps, or the privacy practices of the websites or apps.
QUESTIONS AND CONCERNS
If you have any questions or concerns with the way we handle your personal data, we encourage you to get in contact with us using the contact details in the “How to contact us” section below. You also have the right to lodge a complaint with the supervisory authority in your home country, at your place of work or of an alleged infringement of the GDPR.
HOW TO CONTACT US
Motion Picture Association Europe
Avenue des Arts 46 1000
This is the MPA EMEA’s registered seat and offices.
Appendix A – the IPTV Taskforce
The IPTV Taskforce consists of the following members:
- Channel 4
- Channel 5
- Fox Australia Sports
- Foxtel (Australia)
- France Télévisions
- HBO (Europe)
- HBO Latam
- La Liga
- MultiChoice Africa
- Warner Bros.
- MySat / World Media
- Premier League
- Sky DE
- Sky UK
- Sky Italy
- Sky NZ
- TVB (Television Broadcasts)
- TVN (Poland)
- UK TV
- Virgin Media
- Charter Communications
- Rogers Communications