Privacy Policy
EUROPEAN PRIVACY POLICY
Last Updated: November, 27, 2024
We at the Motion Picture Association Europe Middle East and Africa (“MPA EMEA”; “we”; “us”) respect your concerns about privacy. This European Privacy Policy describes the types of consumer personal data we collect, how we use the personal data, with whom we share the personal data and the rights and choices available to you regarding our use of the personal data. We also describe the measures we take to protect the security of the personal data and how you can contact us about our privacy practices. This European Privacy Policy has been updated to reflect the requirements of the EU General Data Protection Regulation (“GDPR”).
This European Privacy Policy does not apply to:
- The Motion Picture Association, Inc. (the “MPA”) or its other affiliates and subsidiaries; or
- Websites or mobile apps operated by MPA EMEA which have separate privacy policies or notices that do not reference this Policy.
PERSONAL DATA WE PROCESS
We obtain personal data about you in various ways. In this section, we explain the personal data we process.
Note that where we specifically ask you to provide us with your personal data, we will indicate whether providing the personal data is a statutory or contractual requirement, or a requirement necessary to enter into an agreement with us, as well as whether you are obliged to provide the personal data and what the possible consequences are if you fail to provide it.
Content protection investigation (“Content Protection Data”)
We obtain and share certain personal data to detect, investigate and deter the unauthorized copying, viewing, use, distribution and sale of protected and copyrighted content (e.g., motion pictures and TV shows).
For these purposes, we obtain personal data from third-party information services companies, the Internet (including social media sites), public registers, law enforcement authorities and others.
We obtain certain personal data in connection with our content protection activities that we typically do not collect in connection with our other activities covered by this European Privacy Policy. Depending on the circumstances, we may collect the following personal data:
- Name including nickname/alias;
- Personal characteristics (such as age, gender, marital status);
- Family composition;
- Email address(es);
- Physical address(es);
- IP address(es) or other identification numbers;
- Bank account details;
- Paypal or other payment provider account details;
- Crypto wallet details;
- Details of suspected infringement of copyright and other protections;
- Social media accounts;
- Employment information (including position or function);
- Phone number(s);
- Education and training;
- Images;
- Old email and physical address(es);
- Web domains registered by the individual;
- Automobile/motorcycle registration and license plate; and
- Litigation that has been submitted to courts and tribunals as well as to administrative judicial bodies.
We also, to the extent permitted by applicable law, collect personal data about any suspected or actual criminal activity that we are investigating (such as criminal copyright infringement). We can process such personal data pursuant to the 2018 Belgian Data Protection Act.
Government Affairs Data
Personal and Business Contact Information, including name, job title/position, postal and e-mail address, telephone number and relevant organization/authority references.
We may collect other categories of personal data, depending on the case.
Personal data we obtain by automated means (“Site Data”)
When you visit our website (https://www.mpa-emea.org, the “Site”), open our emails or interact with MPA EMEA-related tools, widgets or plug-ins, we collect certain personal data by automated means, such as cookies, web server logs, web beacons and JavaScript.
We record the following personal data:
- your device type;
- your operating system type;
- your browser type, domain, and other system settings (such as the language your system uses);
- the country and time zone where your device is located;
- the address of the web page that referred you to our Site;
- the IP address of the device you use to connect to our Site; and
- your interaction with the Site, such as which pages you visit.
Our Site is not designed to respond to “do not track” signals from browsers.
HOW WE USE THE PERSONAL DATA WE OBTAIN
We use the personal data described above to:
- protect against, identify and prevent fraud, copyright infringement, unauthorized use, streaming and distribution of protected content and other criminal activity, and, if appropriate, file legal claims;
- comply with and enforce applicable legal requirements, relevant industry standards and our policies, including our Terms of Use; and
- for the purposes of operating our Site, such as for (i) customizing our users’ visits to our Site, (ii) delivering content tailored to our users’ interests and the manner in which our users browse our Site, and (iii) managing our Site and other aspects of our business.
We also use the personal data in other ways for which we provide specific notice at the time of collection.
WHO WE SHARE PERSONAL DATA WITH
We share your personal data with the following organizations:
Affiliates and subsidiaries
We share your personal data with our affiliates and subsidiaries. In particular we may share your personal data with:
- Motion Picture Association – America Latina
- Motion Picture Association – Canada
- Motion Picture Association’s offices located in Mexico, Hong Kong and Singapore
- Motion Picture Association, Inc. in the United States
We share Content Protection Data with these affiliates and subsidiaries where appropriate in order to detect, investigate and deter the unauthorized copying, viewing, use, distribution and sale of protected and copyrighted content (e.g., motion pictures and TV shows).
Service Providers
We also share personal data with service providers who perform services on our behalf and under our instructions. We do not authorize these service providers to use or disclose the personal data except as necessary to perform services on our behalf or to comply with legal requirements. Examples of these service providers include:
- Online intermediaries – As part of our outreach during investigations, the MPA may communicate personal data of suspects with various intermediaries including hosting providers, registrars, registries, and ad networks. In addition, the MPA may also communicate user IDs with payment processors and online marketplaces while conducting outreach.
- Content Protection Organizations (“CPOs”) – We engage local CPOs to advise us on our content protection activities and to assist us in pursuing enforcement action. In order for those CPOs to assist and advise us, we may share with them the personal data which we collect in the course of our content protection activities.
- Law firms – We engage law firms to advise us on our content protection activities and to assist us in pursuing enforcement action. In order for those firms to assist and advise us, we may share with them the personal data which we collect in the course of our content protection activities.
- Third-party investigators – we engage these entities to identify and locate suspects who infringe our members’ rights.
- Providers of office services – e.g.:
- E-mail services, online hosted office products (such as Microsoft Word, Excel and Powerpoint), and other cloud-based services (such as Microsoft SharePoint and Teams).
- Online storage services.
Personal data collected through third-party plug-ins and widgets on the Site (such as information relating to your use of a social media sharing tool) are collected directly by the providers of the plug-ins and widgets. These personal data are subject to the privacy policies of the providers of the plug-ins and widgets, and the MPA EMEA is not responsible for those providers’ personal data practices.
Motion Picture Studios and ACE Members
In addition, we share personal data with the seven motion picture studios that are members of the MPA, and their affiliates, as well as members of the Alliance for Creativity and Entertainment (“ACE”):
- Walt Disney Studios Motion Pictures
- Paramount Pictures Corporation
- Sony Pictures Entertainment Inc.
- Universal City Studios LLC
- Warner Bros. Entertainment Inc.
- Amazon Studios LLC
- Netflix Studios, LLC
- Groupe Canal+
- Apple Video Programming, LLC
- DAZN Limited
- beIN Media Group WLL
We transfer relevant personal data to relevant Motion Picture Studios and ACE members in connection with our content protection activities (see the section above entitled “Personal data we process”), in order to allow them to investigate such content protection issues and take appropriate legal action.
Other recipients of your personal data (including law enforcement authorities)
We also share personal data about you:
- i. if we are required to do so by law or legal process;
- ii. to law enforcement authorities or other government entities based on a lawful disclosure request;
- iii. when we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity; and
- iv. in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation). In those cases, we reserve the right to transfer personal data we have about you.
Members of the IPTV taskforce
In limited circumstances, we may share Content Protection Data with the Internet Protocol Television taskforce (the IPTV Taskforce). The IPTV taskforce is made up of the organizations listed at the end of this Privacy Policy in Appendix A.
The IPTV Taskforce discusses strategy and shares information (mostly of a non-personal nature) between its members in order to carry out content protection activities as far as they concern certain Internet Protocol Television services.
THE LEGAL BASIS WHICH WE RELY UPON
The MPA EMEA only processes your personal data:
- i. if you have consented to such processing;
- ii. to the extent that it is necessary for the performance of your agreement with us or in order to take steps at your request prior to entering into an agreement with us;
- iii. to the extent that it is necessary to comply with our legal obligations; or
- iv. to the extent that it is necessary for the purposes of our legitimate interests (ie the legitimate interests of MPA/ACE Members) in protecting against, identifying and preventing fraud, copyright infringement, unauthorized use and distribution of protected content and other criminal activity. We have carefully balanced our legitimate interests against your data protection rights. The processing of personal data for the purposes of preventing fraud and other criminal activity is typically considered a legitimate interest under the GDPR.
- v. to protect MPA’s members’ right to a fair trial under Art. 6 of the European Convention of Human Rights
- vi. processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
YOUR RIGHTS AND CHOICES
You have a number of rights over the personal data which we process about you.
One key right is the right to object, at any time, to the processing of your personal data which is based on the MPA EMEA’s legitimate interests. Where we process your personal data for direct marketing purposes, you have the right to object at any time to such processing, including for profiling purposes to the extent that it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
You also have the right to request access to the personal data that we process about you, to have your personal data corrected or erased, to restrict the processing of your personal data, as well as the right to data portability. In each case we will apply your preferences going forward.
Where we have obtained your consent for the processing of your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that has happened based on your consent prior to the withdrawal.
To exercise these rights or withdraw consent, you should submit a written request using the contact details set out below in the “How To Contact Us” section, below.
PERSONAL DATA TRANSFERS
In some cases we transfer the personal data we collect about you outside of the European Economic Area (“EEA”). We transfer personal data to our affiliates and subsidiaries in the following countries:
- Brazil
- Canada
- Hong Kong
- Mexico
- Singapore
- The United States
However, we may also transfer personal data to other countries where we are carrying out ‘content protection’ activities. The countries which we transfer personal data to will depend on where the particular infringer(s) reside and the country where we need to take action.
Those countries may not offer the same level of protection as the countries within the EEA, and so we will ensure that appropriate transfer mechanisms are in place as required by law, or the country where the relevant IPTV Taskforce member is located.
In some cases, your personal data is transferred to (or accessed from) countries for which the European Commission has issued an Adequacy Decision under Article 45 of the GDPR. This is the case for transfers of personal data to Canada.
In other cases, we implement appropriate safeguards to ensure that your personal data remains protected. This may include data transfer agreements, including standard contractual clauses (as permitted under Article 46.2 of the GDPR). You can obtain a copy of these by contacting us using the contact details in the “How to contact us” section below.
HOW WE PROTECT PERSONAL DATA
We maintain administrative, technical and physical safeguards designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
HOW LONG WE KEEP PERSONAL DATA FOR
In general we will store your personal data as long as the personal data are necessary to fulfil the purposes for which we collected it:
- Content Protection Data – We store investigation-related personal data in a form that permits identification of individuals as long as it is necessary for purposes of the anti-piracy outreach and investigations that we conduct on behalf of the studio companies. On average, the personal data is deleted or anonymized 5 years after it was collected, to avoid that the same individuals would be re-investigated unnecessarily – particularly if those individuals have been cleared from any involvement in potential infringement cases.
- Site Data – Site data is stored no longer than 1 year after it was collected.
In exceptional cases (e.g., in pending litigation matters) this personal data may need to be kept for longer periods of time.
LINKS TO OTHER WEBSITES AND APPS
Our Site provides links to other websites and apps for your convenience and information. These websites and apps may operate independently from us. Linked sites and apps usually have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content, any use of the websites or apps, or the privacy practices of the websites or apps.
UPDATES TO OUR EUROPEAN PRIVACY POLICY
This European Privacy Policy may be updated periodically to reflect changes in our personal data practices. We will post the updated version on the Site and indicate at the top of the European Privacy Policy when it was most recently updated.
QUESTIONS AND CONCERNS
If you have any questions or concerns with the way we handle your personal data, we encourage you to get in contact with us using the contact details in the “How to contact us” section below. You also have the right to lodge a complaint with the supervisory authority in your home country, at your place of work or of an alleged infringement of the GDPR.
HOW TO CONTACT US
If you have any questions or comments about this European Privacy Policy, or if you would like us to update information we have about you or your preferences, please email us at mpa_europe@motionpictures.org. You also may write to:
Motion Picture Association International Holdings (Belgian Branch Office)
Attention: Privacy
Avenue des Arts 46 1000
Brussels Belgium
This is the MPA EMEA’s registered seat and offices.
Appendix A – the IPTV Taskforce
The IPTV Taskforce consists of the following members:
- Amazon
- A+E Networks UK
- AVIA
- BBCW
- BBCS
- Bein
- BT
- CASBAA
- Canal+
- CBS
- Channel 4
- Channel 5
- CODA
- DAZN
- DFL
- Discovery
- Fox Australia Sports
- Foxtel (Australia)
- France Télévisions
- FDA
- HBO (Europe)
- HBO Latam
- IBCAP
- ITV
- La Liga
- MultiChoice Africa
- Media Management Europe
- Warner Bros.
- Paramount
- Disney
- Fox
- NBCU
- Sony
- MySat / World Media
- Netflix
- OSN
- Premier League
- Rogers Communications
- Rai
- RTL
- Sky DE
- Sky UK
- Sky Italy
- Sky NZ
- TVB (Television Broadcasts)
- TVN (Poland)
- UK TV
- Virgin Media
- VPRT
- Charter Communications
- NCTA
- NOS Portugal
- Rogers Communications
- MTG
- WDR
- NHK