www.netfest.org - World Film Festival Screening Platform

Privacy Policy

(including the End User License Agreement – EULA)

Last updated: April 10, 2025

Who we are

This Policy is provided by Ellipsis Media International s.r.l., as the Data Controller, in accordance with EU Regulation 2016/679 (GDPR).

The Netfest brand is a registered trademark owned by Ellipsis Media International s.r.l.

For any information regarding the processing of your personal data or to exercise your rights, please refer to the Contact section at the end of this document.

Welcome to Netfest. This policy represents a legal document that combines the End User License Agreement (EULA) and the Privacy Policy, and governs the use of the Netfest platform, including its web, desktop and mobile applications, related modules and interfaces, as well as its associated services.

The aim is to provide you with a clear, transparent and comprehensive overview of how we process your personal data, what your rights are, and how we are committed to protecting your privacy, in full compliance with the European Regulation 2016/679 (GDPR).

1. End User License Agreement (EULA)

This EULA governs the terms and conditions applicable to the use of the platform and its applications. By using, installing, or accessing our services, you fully and knowingly accept this agreement. If you do not agree, we invite you not to use the platform.

License and Limitations

Netfest grants you a limited, personal, non-exclusive and non-transferable license to access the platform and related services. You may not:

  • modify, decompile or alter the software;
  • use the services in violation of laws, regulations or Terms of Use;
  • reproduce, distribute or share confidential or proprietary content with third parties;
  • take screenshots of confidential data for unauthorized purposes.

Any misuse may result in access revocation and legal liability.

2. Introduction to Personal Data Protection

Protecting your personal data is a core commitment for us. We process your data responsibly and in accordance with the principles of lawfulness, fairness, transparency, minimization, accuracy, integrity and confidentiality.

This policy illustrates, in a detailed and accessible way, how we collect, store, use, protect, and sometimes share your data, specifying the purposes of the processing and your rights.

3. What personal data we collect

Depending on your interaction with the platform (registration, use of services, communications), we collect various types of data:

  • Identification and contact data: first name, last name, email address, phone number;
  • Account and preference data: credentials, language, settings, interest lists;
  • Payment and billing data: transactions, payment method, tax information;
  • Technical data: IP address, operating system, browser type, access times;
  • Browsing data: pages visited, time spent, content interactions;
  • Communication data: emails, support requests, messages sent via forms;
  • Work-related or collaborative data: files, multimedia content, reports;
  • Data collected via cookies: see dedicated section.

We may also collect non-personal information, which we process in aggregate and anonymous form for statistical or service improvement purposes.

4. Purpose of processing

The massive or automated collection of users’ personal data through scripts, bots, or any automated systems is expressly prohibited. Furthermore, personal data may not be collected, processed, or used for training, development, or enhancement of artificial intelligence systems or algorithmic models without the explicit, informed, and documented consent of the data subject.

The data collected are processed to:

  • allow you to access and use the platform;
  • manage registration, user profile, and related content;
  • provide technical support and respond to your requests;
  • customize your user experience (e.g., content suggestions);
  • contractual, tax, or accounting purposes;
  • send important service-related communications;
  • perform anonymous analyses and statistics to improve service efficiency;
  • protect our rights, prevent abuse or fraud;
  • send promotional communications (only with explicit consent);
  • comply with legal obligations.

Netfest does not perform profiling or automated decisions that produce legal or significant effects for the user, except in strictly technical cases (e.g., ordering displayed content).

5. Legal bases for processing

The use of personal data for purposes not covered by the legal bases described, such as training, improving or testing artificial intelligence systems without consent, does not fall within legitimate interests and is not permitted under Regulation (EU) 2016/679.

The processing is based on at least one of the following legal grounds:

  • your free, informed, and revocable consent (Art. 6.1.a);
  • the performance of a contract to which you are a party or pre-contractual measures (Art. 6.1.b);
  • compliance with legal obligations (Art. 6.1.c);
  • legitimate interest of the controller or third parties, provided your fundamental rights do not prevail (Art. 6.1.f).

6. Data retention period

We retain your data only for as long as is strictly necessary to achieve the purposes for which it was collected. The retention period varies depending on the type of data, as detailed below: Account and personal data: 5 years after account closure Access logs: 12 months Billing and tax data: 10 years (legal obligations) Communications (emails/forms): 12 months after request resolution User preferences and saved content: until deletion or request Marketing data: up to 24 months or until consent is withdrawn Security and access logs: 12 months (extendable in case of investigations)

7. Use of Cookies

Cookies are small text files that the website places on your device to improve your experience and enable some essential features.

We use cookies to:

  • remember preferences and settings;
  • keep your session active;
  • analyze user behavior in aggregate form;
  • provide personalized content;
  • collect anonymized statistical data.

You can manage your preferences through your browser settings. Disabling cookies may limit some features of the platform.

8. Data security

The copying, extraction, or duplication of data by third parties, including providers, for the purpose of development, training, or testing of artificial intelligence models—even in anonymous form—is not permitted unless previously and formally authorized through the explicit consent of the data subject.

We apply appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or accidental or unlawful destruction. In particular:

  • encryption and pseudonymization of sensitive data;
  • regular backups and recovery mechanisms;
  • limited access to data based on granular permissions;
  • internal audits and activity logging;
  • periodic security system testing.

In the event of data breaches, we will notify the affected individuals and the competent authority within the timeframes required by law.

9. Data subject rights

You have the right to:

  • obtain confirmation of processing and access your data (Art. 15);
  • request rectification (Art. 16);
  • request erasure (Art. 17);
  • restrict processing (Art. 18);
  • object to processing (Art. 21);
  • receive data in a structured format for portability (Art. 20);
  • withdraw consent at any time, without prejudice.

You can exercise your rights by writing to: dataprivacy[@]netfest.org.

10. International transfers

Where possible, data is processed and stored within the European Economic Area (EEA). If data must be transferred to third countries, we ensure an adequate level of protection through:

  • European Commission adequacy decisions;
  • standard contractual clauses (SCC);
  • other legal instruments recognized by the GDPR.

Under no circumstances do providers process data on their own behalf.

11. Data processors and providers

Third-party providers are prohibited from using personal data processed on behalf of Netfest for independent activities, including but not limited to: training artificial intelligence models, predictive analysis, or developing machine learning technologies not expressly requested by Netfest and not authorized by users through specific consent.

We work exclusively with third-party providers who offer adequate GDPR compliance guarantees. These providers operate under our instructions and may include:

  • hosting and cloud services;
  • customer support and helpdesk tools;
  • communication and analytics providers.

All relationships are governed by contracts compliant with Art. 28 GDPR.

12. Changes to this policy

We reserve the right to update this policy to reflect regulatory changes or developments in our services. Significant changes will be communicated via email, on the platform, or through dedicated notices. Continued use of our services constitutes acceptance of the updated policy.

13. Prevailing language

This policy is available in multiple languages. In case of discrepancies, the Italian version shall prevail over all others.

14. Contact

For questions, clarifications or requests regarding the protection of your personal data:

📧 Email: dataprivacy[@]netfest.org

📮 Postal address: Ellipsis Media International s.r.l. – Via Ascoli Piceno, 17 – IT-00176 Rome

👤 Data Protection Officer (DPO): support[@]netfest.org