The responsible party within the meaning of the GDPR is:
Ephor Pictures Ltd
71-75 Shelton Street
Covent Garden, London
WC2H 9JQ, United Kingdom
In the following we refer to ourselves as "Ephor Pictures", "us" or "we".
General information on data processing
Personal data is collected and processed on our website for the purpose of technical processing, securing the technical systems, improving the website and the information and offers presented on it, as well as when using the communication options offered, such as the contact form, for processing your contact.
As a rule, personal data is only processed with the consent of the person concerned. An exception applies in cases where obtaining consent in advance is not possible for actual reasons or would require disproportionate effort. Below you will find further information on the purpose for which individual data is collected and what you can do to protect your personal data.
Depending on the settings of your browser, when you visit our website your internet browser stores so-called "cookies" on your system, i.e., small text files whose contents can be read out again by the browser and transmitted to requesting services. Cookies thus enable the recognition of your internet browser under certain circumstances.
You can prevent cookies from being stored on your system by making the appropriate browser settings or by setting your browser so that it only accepts cookies from certain websites or asks for your consent in advance. You can also delete cookies that have already been stored at any time using the functions of your browser. Please refer to the instructions for your browser for more information on these options.
Our website only places technical cookies on your system which are necessary for the operation of the site and the underlying content management system. If you prevent these cookies through your browser settings, the website may not function properly or may not be displayed correctly.
Access data processing
When you visit our website, we or our hosting provider (GoDaddy) collects data about each access, which may allow identification (in particular the IP address, but also the date and time as well as the pages called up, amount of data transferred, origin of the call and name and version of the browser software and similar technical data). This is data that is automatically transmitted by your Internet service provider and your Internet browser when you call up the page, must be retained at least for the duration of your visit and can also be stored and statistically evaluated as so-called "server log files".
The data is not merged with other personal data and is not used to determine the personal identity of a user. In the case of legal obligations or concrete suspicion of illegal use, the data may also be checked and evaluated for the purpose of criminal prosecution.
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR. The collected data is used for the technical operation of the website and to ensure and improve security (e.g., defence against hacker attacks). The data is used to make it anonymous and from this to obtain information on server utilisation or frequency of use of our website and, for example, to monitor the technical and economic needs of server operation.
As a rule, only anonymised data is stored. Personal data (such as the full IP address) is deleted as soon as it is no longer required for our processing purposes. In the case of our hosting provider, automated deletion takes place after six weeks.
Access data (see above) may also be collected by us for usage analysis and stored anonymously in order to create general statistical evaluations. The collection of analysis data by us is anonymised, IP addresses are stored exclusively in abbreviated form (maximum 2 of 4 bytes) and can thus no longer be assigned to individual users, so that the interest of users in the protection of their personal data is taken into account.
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR. The data collected for analysis purposes are used for the technical operation of the website and to ensure and improve security (e.g., defence against hacker attacks). The processing of the users' personal data into anonymous usage data also enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. The analysis data can be used to create so-called pseudonyms, but they are not combined with other personal data and are not used by us to determine the personal identity of site visitors.
Personal data is deleted as soon as it is no longer required for our recording purposes. In the case of data collected for usage analysis, this is usually the case as soon as the data has been anonymised. This happens directly after your visit to our website.
If you use the contact form offered on our website to contact us, the automated system will also collect personal data that you voluntarily enter in the input mask. In detail, the following personal data may be collected: Name; email address; further contact information, as far as you enter it in the free text field. You declare your consent to the processing of the personal data entered as part of the submission process.
You do not have to use the contact form. You can also use the other contact options provided for your enquiry. In this case, the personal data transmitted will be stored.
Ephor Pictures expressly points out that data transmissions on the Internet can have security gaps. We offer SSL encryption on our website. Please pay attention to the corresponding information in the address bar of your browser (e.g., lock symbol, "https" in front of the domain). Complete protection of data during input and transmission against access by third parties however cannot be guaranteed on the Internet.
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. If the contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. The processing of personal data from the communication channels offered serves us to process the contact and in the event that follow-up questions arise from this, as well as - insofar as this arises from it - to process contractual and pre-contractual obligations and for the purpose of implementing the contract. In the event of contact being made, this also constitutes the necessary legitimate interest in processing the data. If you contact us because of the products and services we offer, we also store your personal data in order to be able to inform you about products and services in the future (for example, cinema operators about new releases of films or promotions, retailers about new releases or promotions). If you contact us as a service provider, subcontractor or "freelancer", we also store your personal data in order to be able to contact you in the future about specific projects.
Data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. General communication is usually deleted in accordance with the legal regulations applicable to us for the storage of business letters.
Integration of third-party services and content
Individual areas of this website may contain integrated services or content from third-party providers. As a result of the fact that your browser requests content delivered by third-party providers when you call up the page, access data reported by your browser may also be collected and processed by these third-party providers, and cookies may be set and used on your system. We have no influence on how the third-party provider uses the collected data. Please refer to the respective data protection information of the third-party providers.
We have integrated videos from the provider Vimeo LLC and some of our pages contain videos from Vimeo. When you call up such a page on our website, a connection is established to the Vimeo servers. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. When you click on the start button of a video, this information can also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
We use this service within our website on the basis of a legitimate interest - in the analysis, optimisation and economic operation of our online offer. The legal basis is Art. 6 para. 1 lit. f) GDPR.
Rights of the data subject
If personal data is processed by us or on our behalf, you are a data subject within the meaning of the GDPR, which entitles you to the following rights:
Right to information: you have the standardised right to information about the personal data stored about you.
Right to rectification: If the personal data stored by us concerning you is incorrect, you have the right to have it corrected.
Right to restriction of processing: you have the standardised right to restriction of the processing of personal data relating to you. If the processing has been restricted due to legal requirements, you will be informed by us before the restriction is lifted.
Right to erasure: you may request us to erase the personal data concerning you if they may no longer be processed. We try to protect data from accidental or deliberate destruction through organisational and technical measures. For this reason, we may delete any remaining copies of personal data from our active systems in response to deletion requests and will not remove all or part of such data from our back-up systems until our storage periods have expired.
Right to information: If you have exercised the right to rectification, erasure, or restriction of processing, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by us.
Right of objection: You have the right to object to the processing of personal data concerning you and can contact us to do so. We will no longer process the personal data concerning you after an effective objection, unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.
Right to revoke consent: You have the right to revoke your consent at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right to data portability: You have the standardised right to receive the personal data stored about you in a structured, common, and machine-readable format.
Right to complain to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Questions about data protection
If you have any questions about data protection by us, or if you wish to contact us about a matter concerning your personal data, we will be happy to assist you. You can reach us using the contact details provided. As a rule, we will reply to you by the technical means you have chosen for your enquiry.