Close

Privacy Policy

EUROPEAN PRIVACY POLICY

Last Updated: September 18, 2019

We at the Motion Picture Association Europe Middle East and Africa (“MPA EMEA”; “we”; “us”) respect your concerns about privacy. This European Privacy Policy describes the types of consumer personal data we collect, how we use the personal data, with whom we share the personal data and the rights and choices available to you regarding our use of the personal data. We also describe the measures we take to protect the security of the personal data and how you can contact us about our privacy practices. This European Privacy Policy has been updated to reflect the requirements of the EU General Data Protection Regulation (“GDPR”).

This European Privacy Policy does not apply to:

  • The Motion Picture Association, Inc. (the “MPA”) or its other affiliates and subsidiaries; or
  • Websites or mobile apps operated by MPA EMEA which have separate privacy policies or notices that do not reference this Policy.

PERSONAL DATA WE PROCESS

We obtain personal data about you in various ways. In this section, we explain the personal data we process.

Note that where we specifically ask you to provide us with your personal data, we will indicate whether providing the personal data is a statutory or contractual requirement, or a requirement necessary to enter into an agreement with us, as well as whether you are obliged to provide the personal data and what the possible consequences are if you fail to provide it.

Content protection investigation (“Content Protection Data”)

We obtain and share certain personal data to detect, investigate and deter the unauthorized copying, viewing, use, distribution and sale of protected and copyrighted content (e.g., motion pictures and TV shows).
For these purposes, we obtain personal data from third-party information services companies, the Internet (including social media sites), public registers, law enforcement authorities and others.

We obtain certain personal data in connection with our content protection activities that we typically do not collect in connection with our other activities covered by this European Privacy Policy. Depending on the circumstances, we may collect the following personal data:

  • Name including nickname/alias;
  • Personal characteristics (such as age, gender, marital status);
  • Family composition;
  • Email address(es);
  • Physical address(es);
  • IP address(es) or other identification numbers;
  • Bank account details;
  • Paypal account details;
  • Details of suspected infringement of copyright and other protections;
  • Social media accounts;
  • Employment information (including position or function);
  • Phone number(s);
  • Education and training;
  • Images;
  • Old email and physical address(es);
  • Web domains registered by the individual;
  • Automobile/motorcycle registration and license plate; and
  • Litigation that has been submitted to courts and tribunals as well as to administrative judicial bodies.

We also, to the extent permitted by applicable law, collect personal data about any suspected or actual criminal activity that we are investigating (such as criminal copyright infringement). We can process such personal data pursuant to the 2018 Belgian Data Protection Act.

We may collect other categories of personal data, depending on the case.

Personal data we obtain by automated means (“Site Data”)

When you visit our website (https://www.mpa-emea.org, the “Site”), open our emails or interact with MPA EMEA-related tools, widgets or plug-ins, we collect certain personal data by automated means, such as cookies, web server logs, web beacons and JavaScript.

We record the following personal data:

  • your device type;
  • your operating system type;
  • your browser type, domain, and other system settings (such as the language your system uses);
  • the country and time zone where your device is located;
  • the address of the web page that referred you to our Site;
  • the IP address of the device you use to connect to our Site; and
  • your interaction with the Site, such as which pages you visit.

Our Site is not designed to respond to “do not track” signals from browsers.

HOW WE USE THE PERSONAL DATA WE OBTAIN
We use the personal data described above to:

  • protect against, identify and prevent fraud, copyright infringement, unauthorized use, streaming and distribution of protected content and other criminal activity, and, if appropriate, file legal claims;
  • comply with and enforce applicable legal requirements, relevant industry standards and our policies, including our Terms of Use; and
  • for the purposes of operating our Site, such as for (i) customizing our users’ visits to our Site, (ii) delivering content tailored to our users’ interests and the manner in which our users browse our Site, and (iii) managing our Site and other aspects of our business.

We also use the personal data in other ways for which we provide specific notice at the time of collection.

WHO WE SHARE PERSONAL DATA WITH

We share your personal data with the following organizations:

Affiliates and subsidiaries
We share your personal data with our affiliates and subsidiaries. In particular we may share your personal data with:

  • Motion Picture Association – America Latina
  • Motion Picture Association – Canada
  • Motion Picture Association’s offices located in Mexico, Hong Kong and Singapore.
  • Motion Picture Association, Inc.

We share Content Protection Data with these affiliates and subsidiaries where appropriate in order to detect, investigate and deter the unauthorized copying, viewing, use, distribution and sale of protected and copyrighted content (e.g., motion pictures and TV shows).

Service Providers

We also share personal data with service providers who perform services on our behalf and under our instructions. We do not authorize these service providers to use or disclose the personal data except as necessary to perform services on our behalf or to comply with legal requirements. Examples of these service providers include:

  • Online intermediaries – As part of our outreach during investigations, the MPA may communicate IP addresses with various intermediaries including hosting providers, registrars, registries, and ad networks. In addition, the MPA may also communicate user IDs with payment processors and online marketplaces while conducting outreach.
  • Content Protection Organizations (“CPOs”) – We engage local CPOs to advise us on our content protection activities and to assist us in pursuing enforcement action. In order for those CPOs to assist and advise us, we may share with them the personal data which we collect in the course of our content protection activities.
  • Law firms – We engage law firms to advise us on our content protection activities and to assist us in pursuing enforcement action. In order for those firms to assist and advise us, we may share with them the personal data which we collect in the course of our content protection activities.
  • Providers of office services – e.g.:
    • E-mail services, online hosted office products (such as Microsoft Word, Excel and Powerpoint), and other cloud-based services (such as Microsoft SharePoint and Teams).
    • Online storage services.

    Personal data collected through third-party plug-ins and widgets on the Site (such as information relating to your use of a social media sharing tool) are collected directly by the providers of the plug-ins and widgets. These personal data are subject to the privacy policies of the providers of the plug-ins and widgets, and the MPA EMEA is not responsible for those providers’ personal data practices.

Motion Picture Studios and ACE Members

In addition, we share personal data with the six motion picture studios that are members of the MPA, and their affiliates, as well as members of the Alliance for Creativity and Entertainment (“ACE”):

  • Walt Disney Studios Motion Pictures
  • Paramount Pictures Corporation
  • Sony Pictures Entertainment Inc.
  • Universal City Studios LLC
  • Warner Bros. Entertainment Inc.
  • Amazon Studios LLC
  • Netflix Studios, LLC

We transfer relevant personal data to relevant Motion Picture Studios and ACE members in connection with our content protection activities (see the section above entitled “Personal data we process”), in order to allow them to investigate such content protection issues and take appropriate legal action.

Other recipients of your personal data (including law enforcement authorities)

We also share personal data about you:

  • i. if we are required to do so by law or legal process;
  • ii. to law enforcement authorities or other government entities based on a lawful disclosure request;
  • iii. when we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity; and
  • iv. in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation). In those cases, we reserve the right to transfer personal data we have about you.

Members of the IPTV taskforce

In limited circumstances, we may share Content Protection Data with the Internet Protocol Television taskforce (the IPTV Taskforce). The IPTV taskforce is made up of the organizations listed at the end of this Privacy Policy in Appendix A.

The IPTV Taskforce discusses strategy and shares information (mostly of a non-personal nature) between its members in order to carry out content protection activities as far as they concern certain Internet Protocol Television services.

THE LEGAL BASIS WHICH WE RELY UPON

The MPA EMEA only processes your personal data:

  • i. if you have consented to such processing;
  • ii. to the extent that it is necessary for the performance of your agreement with us or in order to take steps at your request prior to entering into an agreement with us;
  • iii. to the extent that it is necessary to comply with our legal obligations; or
  • iv. to the extent that it is necessary for the purposes of our legitimate interests in protecting against, identifying and preventing fraud, copyright infringement, unauthorized use and distribution of protected content and other criminal activity.We have carefully balanced our legitimate interests against your data protection rights. The processing of personal data for the purposes of preventing fraud and other criminal activity is typically considered a legitimate interest under the GDPR.

YOUR RIGHTS AND CHOICES

You have a number of rights over the personal data which we process about you.

One key right is the right to object, at any time, to the processing of your personal data which is based on the MPA EMEA’s legitimate interests. Where we process your personal data for direct marketing purposes, you have the right to object at any time to such processing, including for profiling purposes to the extent that it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

You also have the right to request access to the personal data that we process about you, to have your personal data corrected or erased, to restrict the processing of your personal data, as well as the right to data portability. In each case we will apply your preferences going forward.

Where we have obtained your consent for the processing of your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that has happened based on your consent prior to the withdrawal.

To exercise these rights or withdraw consent, you should submit a written request using the contact details set out below in the “How To Contact Us” section, below.

PERSONAL DATA TRANSFERS

In some cases we transfer the personal data we collect about you outside of the European Economic Area (“EEA”). We transfer personal data to our affiliates and subsidiaries in the following countries:

  • Brazil
  • Canada
  • Hong Kong
  • Mexico
  • Singapore
  • The United States

However, we may also transfer personal data to other countries where we are carrying out ‘content protection’ activities. The countries which we transfer personal data to will depend on where the particular infringer(s) reside and the country where we need to take action.

Those countries may not offer the same level of protection as the countries within the EEA, and so we will ensure that appropriate transfer mechanisms are in place as required by law, or the country where the relevant IPTV Taskforce member is located.

In some cases, your personal data is transferred to (or accessed from) countries for which the European Commission has issued an Adequacy Decision under Article 45 of the GDPR. This is the case for transfers of personal data to Canada.

We may transfer personal data to the MPA in the United States. The MPA is certified under the EU-U.S. Privacy Shield framework developed by the U.S. Department of Commerce and the European Commission regarding the transfer of personal data from the EEA to the U.S.. Click here to view the MPA’s EU-U.S. Privacy Shield Privacy Policy.

In other cases, we will implement appropriate safeguards to ensure that your personal data remains protected. This may include data transfer agreements, including standard contractual clauses (as permitted under Article 46.2 of the GDPR). You can obtain a copy of these by contacting us using the contact details in the “How to contact us” section below.

HOW WE PROTECT PERSONAL DATA

We maintain administrative, technical and physical safeguards designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

HOW LONG WE KEEP PERSONAL DATA FOR

In general we will store your personal data as long as the personal data are necessary to fulfil the purposes for which we collected it:

  • Content Protection Data – We store investigation-related personal data in a form that permits identification of individuals as long as it is necessary for purposes of the anti-piracy outreach and investigations that we conduct on behalf of the studio companies. On average, the personal data is deleted or anonymized 5 years after it was collected, to avoid that the same individuals would be re-investigated unnecessarily – particularly if those individuals have been cleared from any involvement in potential infringement cases.
  • Site Data – Site data is stored no longer than 1 year after it was collected.

In exceptional cases (e.g., in pending litigation matters) this personal data may need to be kept for longer periods of time.

LINKS TO OTHER WEBSITES AND APPS

Our Site provides links to other websites and apps for your convenience and information. These websites and apps may operate independently from us. Linked sites and apps usually have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content, any use of the websites or apps, or the privacy practices of the websites or apps.

UPDATES TO OUR EUROPEAN PRIVACY POLICY

This European Privacy Policy may be updated periodically to reflect changes in our personal data practices. We will post the updated version on the Site and indicate at the top of the European Privacy Policy when it was most recently updated.

QUESTIONS AND CONCERNS
If you have any questions or concerns with the way we handle your personal data, we encourage you to get in contact with us using the contact details in the “How to contact us” section below. You also have the right to lodge a complaint with the supervisory authority in your home country, at your place of work or of an alleged infringement of the GDPR.

HOW TO CONTACT US

If you have any questions or comments about this European Privacy Policy, or if you would like us to update information we have about you or your preferences, please email us at mpa_europe@motionpictures.org. You also may write to:

Motion Picture Association Europe
Attention: Privacy
Avenue des Arts 46 1000
Brussels Belgium

This is the MPA EMEA’s registered seat and offices.

Appendix A – the IPTV Taskforce

The IPTV Taskforce consists of the following members:

  • Amazon
  • BBCW
  • Bein
  • BT
  • CASBAA
  • Canal+
  • CBS
  • Channel 4
  • Channel 5
  • Discovery
  • Fox Australia Sports
  • Foxtel (Australia)
  • France Télévisions
  • HBO (Europe)
  • HBO Latam
  • ITV
  • La Liga
  • MultiChoice Africa
  • Warner Bros.
  • Paramount
  • Disney
  • Fox
  • NBCU
  • Sony
  • MySat / World Media
  • Netflix
  • OSN
  • Premier League
  • Rai
  • RTL
  • Sky DE
  • Sky UK
  • Sky Italy
  • Sky NZ
  • TVB (Television Broadcasts)
  • TVN (Poland)
  • UK TV
  • Virgin Media
  • VPRT
  • Charter Communications
  • NCTA
  • Rogers Communications
  • MTG