The privacy and security of your information is very important to us. We want you to trust that the information that you have provided to us is being properly managed and protected.
Who is responsible for GDPR and data collection?
Chihiro Uchida (managing director)
Geonet destination management GmbH.
Aspanger Strasse 476, 2823 Pitten, AUSTRIA
+43 664 1408 823 firstname.lastname@example.org
what does this policy cover?
If you have given us the consent to keep you informed of our activities, we may send you newsletters. If you change your mind about receiving this information in the future, please let us know about it, and we will delete your registration within 10 days.
which data do we collect from you?
We may collect and process the following personal data about you:
Information you provide by filling in forms on our site and email address and a password OR your google account Login data OR your Facebook account Login data to access our members only pages.
Information relevant to your enquiry or for your request as well as data needed to make a contract / agreement.
We may keep a record of our correspondence as long as it is valid. We generally delete your personal data 1 year after our last correspondence per email or phone, or as soon as it is not relevant anymore, if nothing else is written on the contract / agreement, or if it does not go against legal / accounting or similar deadlines (e.g. accounting data to be kept up to 7 years).
We could also ask you to complete surveys that we use for research purposes, however you have the right to reject.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. These data will be deleted after 1 year from your last visit to our website.
We may collect information about your computer by Cookies embedded in this website, including where available your IP address, operating system and browser type, for system administration and to report aggregate information for our own internal use. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. For Cookies please check here.
how do we use your data?
We use information held about you in the following ways:
All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the General Data Protect Regulation - GDPR at all times. Unless legal / contract / accounting deadlines for data storage apply, your data is usually deleted after 1 year from your last contact (email, fax, telephone). Please note that we may need to keep certain information, such as your accounting data for up to 7 years.
Our use of your personal data will always have a lawful basis, either because it is necessary for our performance to fulfil a contract or general terms and conditions, or because you have consented to our use of your personal data (e.g. by submitting an inquiry or by subscribing to emails), or because it is in our legitimate interests. Specifically, we may use your data for the following purposes:
Supplying our products and services to you
Replying to your emails
Responding to your enquiries
Supplying you with emails that you have opted to (you may unsubscribe or opt-out at any time via emailing with your request to opt out)
Analysing your use of our site and gathering feedback to enable us to continually improve our site and your user experience
Third parties whose content appears on our site may use third party Cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
You have the right to withdraw your consent to us using your personal data at any time, and to request us to delete it.
From our clients, we collect their names, company names, job titles, addresses, phone numbers, email addresses, and other information relevant to the project
From our casts, locations, crew, employee and other suppliers we collect their names, date of births, legal guardians for child cast registrations, addresses, phone numbers, email addresses, photos, videos, work experience, interests, appearance features and other information relevant to the project
do we share your data?
We will certainly not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. There is some personal information which we must share with our partners in order to accomplish your requested services. For example, we may have to pass your personal information such as name, nationality, gender, age, passport number, address, phone number, email address, room/meal preference to our partner hotels when booking rooms for you. We may also need to provide relevant personal information to our film crew, providers, partner companies, or any other professionals involved in your project if necessary. We may also pass your personal information to concerned authorities or firms to get the necessary permissions to proceed with your request.
We may compile statistics about the use of our site for example data on traffic, usage patterns, user numbers. All such data will be anonymised and will not include any personally identifying data. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
We may sometimes use third party data processors or partners that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where we transfer any personal data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EU and under the GDPR.
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.
We will share your information with our partners and suppliers who also takes part in the project.
We may also share your information with third-party service providers to provide services in relation to our business as well as to help us improve our products and services.
Data protection for the services we offer and promote, including children casts
We offer tailor-made production service packages for your film, photo, visual art projects, press activities as well as events and travels. This means that we need to provide relevant personal information of different candidates when it comes to selecting casts, locations, crew, equipment, props, accommodation, transportation, and other services.
Our websites include personal information of our registered casts, locations, crew, employees, and other suppliers. Most of these partners are self-employed or are freelancers, hence not directly employed by us. These partners include registered children casts under 18 years, therefore authorised by their parents/legal guardians. These supplier data are stored for internal record keeping and accounting purposes, as well as for contacting the person in charge when there is an inquiry.
Nobody, including our clients and partners is entitled use any of the personal data including images and videos listed on our websites for their projects or pass on to third parties without our written permission.
All data of our suppliers are kept to use for internal record keeping and accounting purposes, and for contacting when there is an inquiry.
As a data subject, you have the following rights under the GDPR, which this policy and our use of personal data have been designed to uphold:
Right to information - Art. 15 GDPR
You have the right to request confirmation from the data controller as to whether your personal data is being processed or not.
If such processing is being carried out, you have the right to information about this personal data and about the following:
the purposes for which the personal data is being processed;
the categories of personal data that are being processed;
the recipients or the categories of recipients to whom the personal data has been disclosed or is still being disclosed;
if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for establishing the period of storage;
the existence of a right to correction or erasure of the personal data relating to you, a right to restriction of the processing by the data controller or a right to object to such processing;
the existence of a right of complaint to a supervisory authority;
all available information about the origin of the data if the personal data was not collected from the data subject;
the existence of an automated decision-making process including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, the scope and the intended effects of processing of this sort for the data subject.
You also have the right to demand information about whether the personal data about you is being transferred to a third country or an international organisation. Here, you can also demand information about the appropriate guarantees pursuant to Art. 46 GDPR in connection with such transfer.
Right to correction – Art. 16 GDPR
You have the right, vis-a-vis the data controller, to immediate correction and/or completion of the data about you, insofar as the personal data is incorrect or incomplete.
Right to erasure – Art. 17 GDPR
you have the right to demand immediate erasure of your personal data, provided that one of the following grounds applies:
the personal data about you is no longer required for the purposes for which it was collected or processed in another way;
you have withdrawn your consent on which processing was based pursuant to Art. 6 1 a) or Art. 9 (2) a) GDPR and there is no other legal basis for processing;
you have objected to processing pursuant to Art. 21 (1) and there are no legitimate, precedent reasons for processing, or you have objected to processing pursuant to Art. 21 (2) GDPR;
the personal data about you has been processed illegally;
erasure of the personal data about you is required to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject;
the personal data about you has been collected in relation to the information society services offered pursuant to Art. 8 (1) GDPR.
A right to erasure does not exist if processing is required:
to exercise the right to free speech and freedom of information;
to fulfil a legal obligation that requires processing under EU law or the law of the Member States to which the data controller is subject or to carry out a task that is in the public interest or to exercise public authority that has been transferred to the data controller;
for reasons of public interest in the area of public health pursuant to Article 9 (2) letters h and i and Article 9 (3);
for archiving purposes, historical research purposes or statistical purposes that are in the public interest pursuant to Article 89 (1) GDPR,
insofar as the right specified in section a) is likely to make achievement of the objectives of this processing impossible or will seriously hinder it, or
to assert, exercise or defend against legal claims.
Right to restrict processing – Art. 18 GDPR
You have the right to demand that the processing of the personal data about you be restricted in accordance with the following conditions:
if you have contested the accuracy of the personal data about you for a period that allows the data controller to verify the accuracy of the personal data;
if processing is illegal and you decline to have your personal data erased and instead demand restriction of the use of the personal data;
if the data controller no longer requires the personal data for purposes of processing but still requires it to assert, exercise or defend against legal claims, or
if you have objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
If processing of the personal data about you has been restricted, with the exception of storage, this data may be processed only with your consent or to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest in the EU or a Member State.
If processing has been restricted on the basis of the conditions described, you shall be notified by the data controller before the restriction is lifted.
Right to notification – Art. 19 GDPR
If you have exercised one of your rights to correction, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data about you has been disclosed of the correction or erasure of the data or restriction of processing, unless this proves to be impossible or is associated with a disproportionate amount of work.
You also have the right to be informed of those recipients.
Right to data transferability – Art. 20 GDPR
You have the right to receive the personal data about you that you have provided to the data controller in a structured and standard format that can be read by a computer. You also have the right to communicate this data to another data controller without hindrance by the data controller to whom the personal data was provided, if
a) processing is based on consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or is based on a contract pursuant to Art. 6 (1) b) GDPR and
b) processing is carried out with the aid of an automated process.
In exercising this right to data transferability, you also have the right to have the personal data about you transferred directly from one data controller to another data controller, insofar as this is technically feasible.
Right to object - Art. 21 GDPR
You have the right for reasons resulting from your specific situation to object, at any time, to the processing of personal data about you that is/was carried out on the basis of Art. 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.
The data controller shall stop processing the personal data about you unless the data controller can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise of defend against legal claims.
If personal data is processed for the purposes of direct advertising, you have the right to object to the processing of personal data about you for the purposes of such advertising at any time; this also applies to profiling, insofar as it is connected with such direct advertising.
If you object to processing for purposes of direct advertising, the personal data about you shall no longer be processed for those purposes.
Notwithstanding Directive 2002/58/EC, you have the option, in connection with the use of services of the information company, to exercise your right to object by means of automated processes in which technical specifications are used.
Right to withdraw a declaration of consent under data protection legislation
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing that was already carried out on the basis of your consent up to the point at which you withdraw it.
Right to complain to a supervisory authority – Art. 77 GDPR
Irrespective of any other legal remedies under administrative law or in court, you have the right to complain to a supervisory authority, in particular in the Member State of your normal place of residence, your place of work or the location of the alleged breach, if you believe that the processing of the personal data about you breaches the General Data Protection Regulation.
The supervisory authority to whom you submit your complaint shall notify you, as the complainant, of the status and outcome of the complaint, including the option to seek legal remedy in court pursuant to Art. 78 GDPR.
what do we use for our websites and other technology?
Cookies and other tracking technologies
What is a cookie: A “cookie” is a small text file that is placed onto your Internet browser or your computer, laptop or your mobile device. Cookies will then be sent to the original website or another website that recognizes them every time you use visit the site with the same browser. In some instances, where permitted under the applicable law, cookies may also be used for the purposes of certain email campaigns.
Apart from the strictly necessary cookies (without them the website may not function properly) we use the following cookies:
Functional cookies - these cookies enable a website to store information which has already been provided (e.g. user name, choice of language, font size). This enables users to be offered more personal and improved functions. These Cookies only collect anonymised information.
Performance Cookies – these cookies collect information on the way a website is used, for instance, which pages a user calls up most frequently or whether the user receives error messages. They are exclusively used to improve the website appearance and hence the user experience. Performance cookies do not store any information, which identities a user. The user remains anonymous.
Targeting cookies – these cookies are designed for marketing purposes are used to record the interests of visitors and to adapt advertisements to their personal requirements. They are also used to measure the effectiveness of advertisements. For this purpose, the collected information could be disseminated to third parties, for instance advertisers. For more information, please see the “Targeted advertising” section below.
To learn more about cookies and how they are used, please visit: http://www.allaboutcookies.org/.
Third-party cookies: As described above, we use a number of third-party service providers to help us manage, carry out and improve our advertising. These parties set cookies at our direction to help us collect information and provide you with advertisements that we believe would be relevant for you. In some case these third parties may also assist us by providing certain statistical and analytics information in relation to our marketing practices. We also may share information collected through cookies (and other tracking technologies) with third parties to use for their own analytics and marketing purposes.
Managing cookies and opting out: You can choose to visit our web sites without cookies, but in some cases certain services, features and functionality may not be available. To visit without cookies, you can configure your browser to reject all cookies or notify you when a cookie is set. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.
Other technologies: Other technologies such as pixels and web beacons may also be used on our websites, in email messages and in other areas of our business. These technologies are used to improve our products and services as well as our marketing efforts.
Targeted advertising: We and our third-party service providers may serve targeted advertisements through the use of first-party or third-party cookies, pixels and web beacons when you visit our website, use our mobile applications, or visit third party websites. In some instances, these cookies may be persistent cookies. As described in the section above, we and our third-party service providers may also use cookie and other information to try to identify other devices and web browsers that you may use so we and our third-party service providers may serve targeted advertisements to those devices. We do this to provide you with advertising that we believe may be relevant for you as well as improve our own products and services, including the functionality and performance of our websites.
Google Tag Manager
Online Channels/Social medias
We may use information from online sources, such as websites, social media and information sharing platforms. This information may be used to help tailor and improve our services and communicate with you effectively, as we know many of our customers use a range of media channels to communicate and share information. We may use various social media features such as the Facebook “Like” button on our websites. Certain information may be shared or otherwise provided to us through your use of these features in conjunction with our services and programmes. Subject to your account and privacy settings, we may also be able to see information that you post when using these social media platforms whether or not you are using one of our services. In some instances, depending on the circumstances, we may contact you on these social media platforms. The information you post on social media sites as well as the controls surrounding these disclosures are governed by the respective policies of these third parties. Where we use information from these sources, we will respect any permissions you have set about how you would like your information to be used for each source. We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms.
We have integrated components of a company, Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, on this website. The data controller if you live outside of the USA or Canada is Facebook Ireland Ltd., 4 Grands Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Through each call-up of one of the individual pages of this website, which is operated by us and on which a Facebook component has been integrated (Facebook plugin), your internet browser is automatically prompted to download a display of the corresponding Facebook components on the IT system by Facebook. An overall summary of all Facebook plugins may be called up under. In the course of this technical procedure, Facebook will receive knowledge about what specific sub-page of our website is visited by you.
If you are logged in at Facebook at the same time, Facebook will recognise each call-up of our website by you and which specific subpage of our website you visit during the entire period of the respective stay on our website. This information will be gathered through the Facebook components and allocated to your Facebook account. If you activate one of the Facebook buttons integrated on our website, for example the “Like” button, or give a comment, Facebook will allocate this information to your personal Facebook user account and save this personal data.
Facebook will always receive information that you have visited our website through the Facebook components when you are simultaneously logged in at Facebook at the time of the call-up of our website; this will take place regardless of whether you click on the Facebook components or not. If you do not want such a transmission of this information to Facebook, you can prevent the transmission by logging out before a call-up of our website from your Facebook account.
The data protection guideline published by Facebook, which can be called up under provides information about the collection, processing and use of personal data by Facebook. Furthermore, it is explained there what setting options Facebook offers for the protection of your privacy. In addition, different applications can be obtained which make it possible to suppress a data transmission to Facebook, for example of a Facebook blocker by the provider Webgraph, which can be procured under Such applications can be used by you to suppress a data transmission to Facebook.
Then, we have integrated components of YouTube on this website. YouTube permits the publication of all kinds of videos, which is why both complete film and television broadcasts, but also music videos, trailers or videos made by users themselves can be called up through the internet portal. The operator company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Through each call-up of one of the individual pages of this website, which is operated by us and on which a YouTube component (You-Tube video) was integrated, the internet browser on your IT system is automatically prompted to download a display of the corresponding YouTube component from YouTube. Further information on YouTube can be called-up under. In the course of this technical procedure, YouTube and Google obtain knowledge about what specific subpage of our website is visited by you. If you are logged in at YouTube at the same time, YouTube will recognise each call-up of our website by you and which specific subpage of our website you visit during the entire period of the respective stay on our website. This information will be gathered through the YouTube- components and allocated to your YouTube account. If you activate one of the YouTube buttons integrated on our website, for example the “I like” button, or give a comment, YouTube will allocate this information to your personal YouTube user account and save this personal data. YouTube and Google will always receive information that you have visited our website through the YouTube components when you are simultaneously logged in at YouTube at the time of the call-up of our website; this will take place regardless of whether you click on the YouTube components or not. If you do not want such a transmission of this information to YouTube, you can prevent the transmission by logging out before a call-up of our website from your YouTube account. The data protection guideline published by YouTube, which can be called up under https://policies.google.com/privacy/update, provides information about the collection, processing and use of personal data by YouTube and Google.
All videos which are not played by YouTube but can be watched directly on our website are shot by us or approved by the person or party who shot the video. These videos‘ copyrights belong to us or the person/party who shot the videos, which means you cannot publish it on your website, SNS or played for commercial uses without our or the person/party’s permission.
Links to Other Sites
Our websites contain links to websites that are maintained and/or controlled by third parties. In some case these websites may be co-branded and display our logos or other trademarks. You can always tell whether you are on one of our websites by checking the uniform record locator ("URL”) on the page that you are visiting. We encourage you to review the privacy policies of these third-party websites as their privacy practices may differ from ours.
is it secure?
We are committed to ensuring that your information is protected from illegal processing, loss and damage.
We only store, process and transfer files to our clients and partners when we are given your permission.
All personal data is stored safely in our secured external hard disk, and our Email servers are located in the European Economic Area (EEA) or in non-EU countries with adequate data protection level.
For our general operations and work related to data handling we use the following business tools and applications:
Encrypted external hard disk, SD card, DVD, paper copy – stored safely by the managing director; kept until legal erasure deadline or is requested earlier by the data holder
Encrypted internal hard disk – current project related data temporary available to staff only
Password protected Google Drive cloud service – current project related data temporary available to authorized, project-related people only Google Drive is a cloud server service offered by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and complies with the EU-U.S. Privacy Shield Frameworks
Password protected Dropbox cloud service – current project related data temporary available to authorized, project-related people only
Office Outlook – data related to current projects. Outlook is a so-called Email client from Microsoft Corporation, One Microsoft Way, Redmond WA 98025-6399, USA, and also offers a calendar function allowing appointment organization and coordination.
Data transfer / communication
For data transfer and communication of data regarding current projects and general inquiries, we use the Software packages offered from Microsoft Office (MS Outlook, MS Office, MS Skype), offered by Microsoft Corporation, One Microsoft Way, Redmond WA 98025-6399, USA. Microsoft complies with the EU-U.S. Privacy Shield Frameworks.
Mobile phone, SMS – general communication; data stored temporary
When your data is due to be legally deleted, we will destroy your information on hard copies and delete the corresponding digital files. Despite the security controls we put in place to address the key GDPR principles, there is still a risk of data breach. In the unlikely event of this, the breach will be notified to all data subjects immediately after we get informed of this. Please contact us by email straight away when you notice any breach related to us, and this will be notified to the relevant authorities within 72 hours.
how can you access your data?
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details.
If our answers are not able to satisfy you, you have the right to report a concern to the data protection authority ( https://www.data-protection-authority.gv.at/ ). Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.