Privacy Policy

1.1 Important information and who we are

Welcome to LePrince CineController Ltd’s Privacy and Data Protection Policy (“PrivacyPolicy”).

At LePrince CineController Ltd (“we”, “us”, or “our”) we are committed to protecting andrespecting your privacy and Personal Data in compliance with the United Kingdom GeneralData Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other mandatorylaws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, process and keep your data safe. The PrivacyPolicy will tell you about your privacy rights, how the law protects you, and inform ouremployees and staff members of all their obligations and protocols when processing data.

The individuals from which we may gather and use data can include:

• Customers
• Suppliers
• Business contacts
• Employees/Staff Members
• Third parties connected to your customers

and any other people that the organisation has a relationship with or may need to contact.

This Privacy Policy applies to all our employees and staff members and all Personal Dataprocessed at any time by us.

1.2 Your Data Controller

LePrince CineController Ltd is your Data Controller and responsible for your PersonalData. We are not obliged by the GDPR to appoint a data protection officer and have notvoluntarily appointed one at this time. Therefore, any inquiries about your data shouldeither be sent to us by email to contact@Leprince.io or by post to Flat 5, 2 ClementAvenue, Flat5, 2 Clement Avenue, London, SW4 7TY, United Kingdom.

You have the right to make a complaint at any time to the Information Commissioner’sOffice (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Wewould, however, appreciate the chance to deal with your concerns before you approachthe ICO so please contact us in the first instance.

1.3 Processing data on behalf of a Controller and processors’ responsibility to you

In discharging our responsibilities as a Data Controller we have employees who will dealwith your data on our behalf (known as “Processors”). The responsibilities below may beassigned to an individual or may be taken to apply to the organisation as a whole. TheData Controller and our Processors have the following responsibilities:

• Ensure that all processing of Personal Data is governed by one of the legal baseslaid out in the GDPR (see 2.2 below for more information);
• Ensure that Processors authorised to process Personal Data have committedthemselves to confidentiality or are under an appropriate statutory obligation ofconfidentiality;
• Implement appropriate technical and organisational measures to ensure a level ofsecurity appropriate to the risk associated with the processing of Personal Data;
• Obtain the prior specific or general authorisation of the Controller before engaginganother Processor;
• Assist the Controller in the fulfilment of the Controller's obligation to respond torequests for exercising the data subject's rights;
• Make available to the Controller all information necessary to demonstratecompliance with the obligations laid down in the GDPR and allow for and contributeto audits, including inspections, conducted by the Controller or another auditormandated by the Controller;
• Maintain a record of all categories of processing activities carried out on behalf of aController;
• Cooperate, on request, with the supervisory authority in the performance of itstasks;
• Ensure that any person acting under the authority of the Processor who has accessto Personal Data does not process Personal Data except on instructions from theController; and
• Notify the Controller without undue delay after becoming aware of a Personal DataBreach.

2.1 Types of data / Privacy policy scope

"Personal Data” means any information about an individual from which that person canbe identified. It does not include data where the identity has been removed (anonymousdata).

We may collect, use, store and transfer different kinds of Personal Data about you whichwe have grouped together below. Not all of the following types of data will necessarily becollected from you but this is the full scope of data that we collect and when we collect itfrom you:

• Profile/Identity Data: This is data relating to your first name, last name, gender, dateof birth.
• Contact Data: This is data relating to your phone number, addresses, emailaddresses, phone numbers.
• Marketing and Communications Data: This is your preferences in receivingmarketing information and other information from us.
• Chat and negotiation data: Chat messages Proposal details (including profitpercentages, delivery methods, pricing, etc.)
• Name and company name: The full name of the individual or entity registering onthe platform.
• Email address: The email address used for account registration, communication,and notifications.
• Mobile number: A personal or professional contact number provided forcommunication purposes.
• Territory: The geographical area where the user operates, relevant to distributionand screening rights.
• Picture: An image uploaded by the user to represent their account on the platformand A larger, banner-style image used to personalize a user's account profile.
• Billing information: Payment details, including credit card or bank accountinformation, used for processing transactions.
• Film name: The official title of the film submitted for distribution or screening.
• Film Info: Film name, country, year of release, rating, language, synopsis, pitch,genre, keywords, cast and crew, release date, awards and festivals
• Film documents: Any supplemental documents related to the film (e.g., press kits,distribution agreements) in PDF format.
• Film assets: Trailers, film clips, trailers, stills, pictiures and soundbites
• Event info: film eveny type, name, link, time and image
• film reviews: Written reviews submitted by users regarding a particular film.
• Film rights information: the ownership and financial claims for films uploaded
• Film copy: the main film file in any format
• Film distribution prefrences: terms and conditions of how films will be distributed
• DCP keys : DCP keys that allow a screening to go ahead
• film reports: data about screening success
• cinema information: official cinema name, address, contact details, accessibility info,screens and capacity, type, opening hours, photographs
• Employee: a cinema's programmers and their details
• DCP keys : DCP keys that allow a screening to go ahead
• screen format and specs: Technical specifications for each cinema screen, includingformat and dimensions.
• Terms of cinema use: The terms and conditions cinemas provide for the use of theirscreens for screenings.
• Delivery key for online transfer: A secure key used for delivering Digital CinemaPackages (DCP) to cinemas.
• DCP: The digital file package containing the film, formatted for cinema projection.
• about section : A brief description provided by the user to introduce themselves ortheir business.

We do not collect any Special Categories of Personal Data about you (this includes detailsabout your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation,political opinions, trade union membership, information about your health, and geneticand biometric data). Nor do we collect any information about criminal convictions andoffences.

2.2 The Legal Basis for Collecting That Data

There are a number of justifiable reasons under the GDPR that allow collection andprocessing of Personal Data. The main avenues we rely on are:

• “Consent”: Certain situations allow us to collect your Personal Data, such as whenyou tick a box that confirms you are happy to receive email newsletters from us, or‘opt in’ to a service.
• “Contractual Obligations”: We may require certain information from you in orderto fulfil our contractual obligations and provide you with the promised service.
• “Legal Compliance”: We’re required by law to collect and process certain types ofdata, such as fraudulent activity or other illegal actions.
• “Legitimate Interest”: We might need to collect certain information from you to beable to meet our legitimate interests - this covers aspects that can be reasonablyexpected as part of running our business, that will not have a material impact onyour rights, freedom or interests. Examples could be your address, so that we knowwhere to deliver something to, or your name, so that we have a record of who tocontact moving forwards.

3.1 Our data uses

We will only use your Personal Data when the law allows us to.

Set out below is a table containing the different types of Personal Data we collect and thelawful basis for processing that data. Please refer to section 2.2 for more information onthe lawful basis listed in the table below.5

Examples provided in the table below are indicative in nature and the purposes for which we use your data may be broader than described but we will never process your data without a legal basis for doing so and it is for a related purpose. For further inquiriesplease contact us.