PRIVACY POLICY

[Last updated: 06/09/2023]

1. Introduction

1. TV Rain (hereinafter – "We", "Our" or "Us") as a licensed broadcasting service provider is committed to protecting the privacy and security of your personal data information. Your privacy is important to us, and we are committed to ensuring the security and confidentiality of your information.
2. This Privacy Policy outlines how we collect, use, store, disclose, safeguard and protect your personal information when you visit our website, access our services or interact with our content and/or website: https://tvrain.tv/ (hereinafter – “Website”).
3. This Privacy Policy applies to all users and individuals, regardless of their location, who interact with our services, website and content. We are dedicated to upholding the highest standards of data privacy and protection, and we adhere to the principles and requirements set forth by the General Data Protection Regulation (EU) 2016/679 (hereinafter – “GDPR”), regardless of your jurisdiction.
4. We are dedicated to complying with all applicable data protection laws, and where such laws provide greater protections or impose more stringent requirements than the GDPR, we will adhere to these stricter standards to ensure the utmost security and privacy of your personal information.
5. We will always process your personal information in accordance with applicable privacy and data protection laws, including the GDPR and privacy and electronic communication regulations, as well as other applicable data protection laws.
6. We collect information from our website users, subscribers, customers and prospects. The information below describes what information we collect and how it is used.
7. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY IN WHOLE OR ANY PART OF IT, PLEASE DO NOT USE OUR WEBSITE, AS WELL AS DO NOT ACCESS OUR SERVICES OR INTERACT WITH OUR CONTENT.

2. Our Privacy and Data Protection Principles

1. While processing personal data, we respect the following principles:

1. Fairness and transparency – personal data is processed in a transparent manner in relation to the data subject and the data subject has a right of access to his/her processed data and receives information on objectives and principles of processing when personal data is obtained as well as information on the subject’s rights in relation to personal data processing;
2. Purpose limitation – data is collected and processed only for specified, explicit and legitimate purposes;
3. Data minimisation – data processed is adequate to the purpose for which it is processed, so redundant or excessive data is not processed;
4. Accuracy – we take every reasonable step to ensure that personal data is accurate and that data subjects have unrestricted right to access their data, have it supplemented or rectified;
5. Storage limitation – personal data is kept only for the period necessary for the purposes and is permanently removed after that period;
6. Integrity and confidentiality – we use technical or organisational measures that protect data against accidental or unlawful disclosure or enable protection against accidental or unlawful destruction or modification;
7. Accountability – we document the process of personal data processing.

3.  Information collected and processed

1.  We may collect and process the following categories of personal data when you use our services:

1. Information provided by you – we may collect various types of personal information about our users, which may include but is not limited to name and surname, email address, location data (for example, country, region, city or town), job title, gender, address, telephone number, email address, preferences in receiving communications and other contact details, as well as payment and billing information (if applicable);
2. Device Information – we may collect information about the devices you use to access our content and services, including IP address (a unique number assigned to your computer that allows web servers to locate and identify your computer), device type, operating system, browser type and other technical data, such as, for example, the website's URL you came from and went to, as well as information collected about your use of our services (such as what you read or watched). This information is compiled and may be analysed on both an individual and an aggregated basis.
3. Viewing Preferences – we may collect data on your viewing preferences, such as the content you watch and your interactions with our content and services.

2. We collect your information in differing ways, such as when you:

1. Visit our website, use our mobile apps or our smart TV apps;
2. Contact our company, staff or representatives;
3. Engage on social media platforms;
4. Submit requests, order a product or service, sign up for information, promotions or competitions, send us feedback.

3. We also collect information through cookies from information in the public domain.

4.  How We Use Your Information

1.  We use the collected data for the following purposes:

1. To provide, maintain our services and improve our services and content;
2. To personalize and improve your experience with our services and content;
3. To personalize your interactions with our website and content;
4. To process your requests, communicate with you, respond to inquiries and provide customer support;
5. To analyse usage patterns and trends to enhance the service's performance and features;
6. To send you service-related communications, updates, and promotional materials;
7. To process payments and fulfil orders (if applicable);
8. To analyse user behaviour and improve our website and services;
9. To comply with legal obligations and enforce our terms and conditions.

5.  Legal Basis for Data Processing

1.  We will only process your personal data when we have a valid legal basis, which may include:

1. Your consent to the processing: We will seek your consent for specific data processing activities where required by law. You have the right to withdraw your consent at any time. 
2. Performance of Service: Processing necessary for the performance of a contract/services or to take steps at your request before entering into the contract;
3. Legitimate Interests: Processing necessary for our legitimate interests in providing and improving our services and content, understanding your preferences and marketing our services.
4. Compliance with legal obligations: We may process your personal data when necessary to comply with legal obligations imposed on us by applicable laws and regulations.

6. Data Sharing and Third Parties

1. We may share your personal data with third parties for the following purposes:

1. With service providers: We may share your information with third-party service providers to help us operate and improve our services (e.g., hosting, analytics). These providers are contractually bound to use your data solely for the purposes specified by us;
2. With partners and affiliates: We may share aggregated or anonymized data with our partners and affiliates for analytical and marketing purposes;
3. With legal authorities or regulatory bodies if required by law: We may share your personal data when required by applicable laws, regulations, court orders, legal processes or other lawful request from governmental authorities. We will take appropriate measures to ensure that any data disclosures to legal authorities or regulatory bodies are done in compliance with applicable laws and regulations. We will also prioritize safeguarding the confidentiality and security of your personal data during such disclosures.

2.  We will only disclose your information:

1. if it is necessary to provide a product, service or information;
2. in case of acquisition of our company by a third party or in case of a merger or joint venture;
3. where we are under a legal obligation to disclose your personal information.

7. Data Protection Measures

1. The GDPR and other applicable data protection laws requires to build data protection considerations and security measures into all of our operations that involve the processing of personal data. In this framework we take into account the following factors:

1. Technological capacities;
2. The cost of implementation;
3. The nature, scope, opportunity and purposes of data processing;
4. The risks posed by such data processing to rights and freedoms of individuals.

2. Within the scope of this Privacy Policy and for the purposes of due and effective data and privacy protection, we implement in our practice the following measures:

1. Data Security Responsibilities: We take data security seriously and outline the responsibilities of all our employees, contractors, and third-party processors to adhere to data protection principles. 
2. Encryption and Anonymization: We use industry-standard encryption and anonymization techniques, where appropriate, to ensure data confidentiality and privacy, as well as safeguard personal data during transmission and storage. This ensures that user data remains confidential and protected from unauthorized access.
3. Data Access Controls: Access to personal data is restricted to our authorized personnel only. Our system uses role-based access controls and two-factor authentication to prevent unauthorized access to sensitive data.
4. Data Minimization: We only collect and processes the minimum amount of personal data necessary for the purposes, specified in our Privacy Policy, as well as to avoid collecting excessive data that is not directly relevant to the purpose. 
5. Data Breach Response: In case of a data breach, we notify the supervisory authority (in our case - Dutch Data Protection Authority) and affected individuals within the timeframes, specified by the GDPR, as well as implement all reasonable and possible measures for elimination or minimization of negative effect of such data breach.
6. Security Incident Reporting: We have a clear mechanism for users to report any security incidents or concerns related to their personal data to us. Our Data Protection Officer is responsible for implementing the necessary steps and actions for safeguarding personal data and privacy protection of such users.
7. Secure Development Practices: We implement secure coding practices during the development of applications and systems to minimize the risk of introducing security vulnerabilities.
8. Incident Response Plan: We have our developed incident response plan that outlines the steps taken in case of a data breach or security incident, including notifying affected parties and regulatory authorities as required by law.
9. Secure Storage: We ensure that all data is stored securely. For these purposes we use firewalls, intrusion detection/prevention systems and other security measures in order to protect against unauthorized access.
10. Data Backup and Recovery: We regularly back up our data and implement a data recovery plan to ensure that we can restore data as much as possible in case of a breach or other data loss events.
11. Record keeping:   To demonstrate our GDPR compliance, we keep various records of our data processing activities.
12. Third-Party Processors: If we share personal data with third-party processors, we ensure that such processors comply with GDPR data security requirements. In particular, we obtain guarantees of their GDPR compliance through concluding data processing agreements and/or other contracts.
13. International Data Transfers: If we transfer personal data outside the EU, we ensure an adequate level of data protection in accordance with GDPR requirements. We use Standard Contractual Clauses and Binding Corporate Rules for adequate protection of data transfers in third countries (if such).
14. Security Audits and Assessments: We conduct regular security audits, monitoring and/or assessments to evaluate the effectiveness of data security measures and make all the necessary changed and updates in case of such a need. Our Data Protection Officer is responsible for implementing all the necessary steps for safeguarding personal data and privacy protection.
15. Specific staff trainings: Specific trainings are carried out for our staff who handles personal data of individuals. We implement best data security practices and make sure that our employees fully understand the importance and significance of handling data responsibly. All employees should be aware of the risks of data leaks, as well as the steps and actions they can take to prevent them.
16. User Responsibilities: In case of any suspicious activities related to their personal data, the user shall promptly send a report to our Data Protection Officer to protect their own account credentials. After receiving such reports, our Data Protection Officer will promptly take all the necessary steps.
17. Firewalls: We use firewalls to protect your network from unauthorized access and potential external threats.
18. Intrusion Detection/Prevention Systems (IDS/IPS): We use IDS/IPS to monitor network traffic and identify potential security breaches or suspicious activities.
19. Physical Security: If applicable, we also implement physical security measures in place to protect data centers and servers, including access controls, surveillance and monitoring.
20. Children's Data Protection: If our website or services target children, we implement additional security measures in accordance with parental consent requirements for processing their personal data.
21. Special Rules for Vulnerable Peoples: We also take into account the needs of vulnerable peoples that are participants of our content. We implement due and effective measures for their data protection as well.
22. Special (Sensitive) Data Protection:  There are some categories of data that are particularly sensitive, such as:

1. Racial or ethical origin;
2. Political opinions;
3. Religious or philosophical beliefs;
4. Trade union membership;
5. Physical or mental health;
6. Biometric or genetic data; and
7. Criminal offenses or convictions.

In case of such data, GDPR requires us to have an additional legal ground for their processing. The GDPR has strict rules on sensitive data processing, so we process such data only if the legal grounds are duly met.

23. Updates to Data Security Provisions: We reserve the right to update and modify the data security provisions of the Privacy Policy to reflect changes in technology, regulations, or our practices.

8. International Data Transfers

1. Your personal data may be processed in and transferred to countries outside the European Economic Area (EEA).
2. When we transfer data to countries without adequate data protection laws, we will implement suitable safeguards, such as standard contractual clauses or other approved mechanisms.

9. Data Retention

1. We will retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required by law.
2. Data retention periods may vary depending on the nature of the data and the purposes for which it is processed.
3. After a retention period has lapsed, the information is securely deleted, unless it is necessary for the establishment, exercise or defense of legal claims.

10.   Your Rights and Data Security 

1. We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction.
2. We do our best to protect your privacy and data security. However, despite the caution and means of protection, you should know that we cannot be responsible for the safety of your information when transmitting/receiving over the Internet or wireless means.
3. As a data subject under the GDPR, you have certain rights concerning your personal data, including:

1. The right to access, correct, or update your information;
2. The right to request the erasure of your data (right to be forgotten)
3. The right to object to the processing of your data;
4. The right to restrict the processing of your data;
5. The right to data portability;
6. The right to withdraw any consent to processing you have provided us;

4. To exercise these rights, please contact us by [email protected] and send your request. We will respond to your requests promptly and in accordance with applicable laws.

11.     Cookies and Tracking Technologies

1. We use cookies and similar tracking technologies to enhance your user experience.
2. A cookie is a small data text file which a website can store on your computer that can identify you. They help the website recognize your device and remember information about your preferences, actions, and settings. Cookies can be either session cookies (deleted when you close your browser) or persistent cookies (remain on your device for a defined period or until deleted).
3. Our website stores cookies on your computer:

1. to facilitate and customise your use of our website, including analysing web traffic and seeing what information people are interested in
2. to deliver advertising;
3. to identify whether you are signed into our website;
4. to store information about preferences;
5. to help us personalize the website to you by remembering your preferences and settings;
6. to use information in aggregate (where no individual is identified) for marketing and strategic purposes.

4. We use:

1. Strictly Necessary Cookies: These cookies are essential for the proper functioning of our Website. They enable you to navigate the site and use its features, such as accessing secure areas.
2. Performance Cookies: These cookies collect anonymous information about how visitors use our Website. They help us improve the performance of the site, identify popular pages, and understand how users interact with the content.
3. Functional Cookies: These cookies allow our Website to remember choices you make (such as language preferences) and provide enhanced, more personalized features.
4. Targeting/Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They may also be used to limit the number of times you see an ad and measure the effectiveness of ad campaigns.
5. Third-Party Cookies: We may also allow third-party service providers, such as advertisers and analytics companies, to set cookies on our Website. These cookies enable them to deliver relevant advertisements and analyze website traffic and usage. Third-party cookies are subject to the privacy policies of these third parties.

5. Cookie Consent and Management: By continuing to use our Website, you consent to the use of cookies as described in this Privacy Policy. You can manage your cookie preferences and withdraw consent at any time through our Cookie Settings. Additionally, you can control and delete cookies through your browser settings. However, please note that disabling certain cookies may affect the functionality of our Website.
6. You can decline our cookies if your browser permits and you may be able to set your browser to refuse cookies, but you may not be able to use all services on our websites if that is the case.
7. Some cookies are always on when you visit us, and you can’t turn them off unless you change your browser settings. These are strictly necessary cookies.
8. We use strictly necessary cookies to make sure our services work correctly and are meeting audience needs and interests. Strictly necessary cookies are always on when you visit our website. On your first visit, we will tell you about our other types of cookies and ask you to choose which cookies we can use.
9. You can always change your mind by going to your settings. Stopping all cookies might mean you cannot access some our services and content, or that some of them might not work properly for you.
10. We also use functional, performance and advertising cookies to make your experience more enjoyable. You can switch these on or off at any time.
11. We will only use them if you’ve agreed with these cookies.

12.    Third-party privacy

1. Our websites may contain links to websites operated by third parties with their own privacy policies.
2. We do not accept any responsibility or liability for the practices of such third-party websites and use of such websites is at your own risk.

13.     Changes to this Privacy Policy 

1. We may update this Privacy Policy from time to time.
2. We will notify you of any material changes by placing a notice on our website or by other means.
3. We encourage you to periodically check back and review this Policy so that you are up-to-date.

14.   Contact Us

If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us: [email protected].

15.    What if you are still unhappy and you have a complaint

1. You have a right to complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), which regulates data protection compliance in the Netherlands, if you are unhappy with how we have processed your personal data.
2. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has been appointed by law as the supervisory data protection authority and supervises compliance with the GDPR and the Implementation Act.
3. The Dutch Data Protection Authority's contact details are as follows:

Autoriteit Persoonsgegevens

Postbus 93374 2509 AJ DEN HAAG

Telephone number: (+31) - (0)70 - 888 85 00

Website: https://autoriteitpersoonsgegevens.nl/en