Film Distribution Group
Privacy Policy

Last updated: 12.01.2025

This Privacy Policy describes how Film Distribution Group (hereinafter also referred to as “we,” “us,” “our,” or “Group”) processes personal data in accordance with applicable data protection laws in Estonia, Latvia, Lithuania, and the European Union (including the EU General Data Protection Regulation, “GDPR”). It applies to all companies within the Group, including their websites, business operations, and communications.

By using our services, visiting our websites, or otherwise interacting with us, you agree to the terms set out in this Privacy Policy.

 

1. WHO WE ARE

Mother Company

 

Theatrical Film Distribution OÜ
Põikmäe 4, 76406 Tänassilma, ESTONIA
Reg. No: 12394464 | VAT Code: EE102801495
info@filmdistribution.eu
Website: https://www.filmdistribution.eu

 

Group Companies

 

1.        Estonia

Estonian Theatrical Distribution OÜ
Põikmäe 4, 76406 Tänassilma, ESTONIA
Reg. No: 12396084 | VAT Code: EE101603623
info@filmdistribution.ee
Website: https://heafilm.ee

 

2.        Latvia

Latvian Theatrical Distribution SIA
Dzelzavas street 120 G, Riga, Latvia, LV-1021
Reg. No: 40103625421 | VAT Code: LV40103625421
info@filmdistribution.lv
Website: https://labskino.lv

 

3.        Lithuania

Theatrical Film Distribution UAB
Jogailos g. 4, LT-01116 Vilnius, Lithuania
Reg. No: 302950470 | VAT Code: LT100007448011
info@filmdistribution.lt
Website: https://dukine.lt

 

Dukine Film Distribution UAB
Jogailos g. 4, LT-01116 Vilnius, Lithuania
Registration code: 305461381 | VAT Code: LT100013224519
info@filmdistribution.lt
Website: https://dukine.lt

 

Each of the above entities is a separate legal entity and acts as a “data controller” where it determines the purposes and means of processing personal data related to its own activities. When we refer to “Film Distribution Group” or “Group,” we mean any or all of the above entities collectively, where applicable.

 

2. SCOPE AND APPLICABILITY

 

This Privacy Policy:

1.    Applies to all personal data that we collect, use, or otherwise process about individuals (including but not limited to customers, website visitors, event participants, collaboration partners, contractors, and persons who contact us or otherwise engage with us).

2.    Covers multiple jurisdictions, including Estonia, Latvia, Lithuania, and broader EU requirements under the GDPR. Where local laws in any of these countries impose stricter requirements, those requirements will take precedence.

3.    Supplements any specific notices that might be provided to you at the point of data collection (for example, additional terms on a particular website or service).

 

3. TYPES OF PERSONAL DATA WE COLLECT

Depending on how you interact with us, we may process the following categories of personal data:

1.    Identification Data: such as name, surname, date of birth (where necessary), national ID or other identifiers (if legally required or relevant for the service).

2.    Contact Details: including email address, postal address, phone number, country of residence, and preferred language of communication.

3.    Transaction and Payment Information: where necessary for our services, such as billing details, purchase histories (for tickets, products, services), payment methods, partial credit card details (if applicable), or bank account information.

4.    Communication Data: including email correspondence, messages sent through contact forms on our websites, or interactions via social media platforms.

5.    Website and Technical Data: IP addresses, device identifiers, browser type, cookie information, operating system details, and log information about how you use our websites. (See also Section 10 on Cookies.)

6.    Profile or Preference Data: such as your interests, event attendance history, or preferences for certain films or newsletters—where you have given us explicit consent or we have a legitimate interest to process these for marketing purposes.

7.    Video Surveillance (CCTV): if you visit our premises (cinema halls, offices, or event locations where CCTV is in use) for security and fraud prevention purposes (see Section 9).

8.    Any Other Information: that you voluntarily provide to us, such as feedback, survey responses, or details related to marketing consents.

 

We strive to collect only the minimum necessary data to fulfill the relevant purpose.

 

4. LEGAL GROUNDS FOR PROCESSING

 

We will only process your personal data if there is a valid legal basis under applicable data protection laws. Such legal bases include:

1.    Consent: Where you have clearly consented to a certain type of data processing (e.g., receiving our newsletters or participating in loyalty programs). You may withdraw this consent at any time by contacting us or using the opt-out mechanisms provided (e.g., unsubscribe links in emails).

2.    Performance of a Contract: Where the data processing is necessary for us to provide services you have requested or to take steps at your request before entering into a contract (e.g., ticket purchases, distribution agreements).

3.    Legal Obligations: Where we are required to process your personal data to comply with statutory or regulatory obligations (e.g., tax, accounting, record-keeping, consumer protection laws).

4.    Legitimate Interests: Where necessary to pursue our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms. This may include direct marketing of similar services, security measures, or fraud prevention.

 

5. PURPOSES FOR PROCESSING

We process personal data for the following main purposes:

1.    Provision of Services

To sell and deliver tickets, distribute films, and provide related entertainment services, including after-sales and customer support.

2.    Customer Relationship Management

To manage customer accounts, respond to inquiries, provide technical and operational support, and process refunds or complaints where necessary.

3.    Marketing and Communications

To send newsletters, promotions, and information about our upcoming events, offers, or services. You have the right to opt out of such communications at any time.

4.    Business Analytics and Improvements

To evaluate and improve the quality of our services, including usage analytics for websites, analysing trends, and refining our marketing approaches.

5.    Legal and Compliance

To comply with applicable laws, such as maintaining accounting records, fulfilling tax obligations, and cooperating with law enforcement when required.

6.    Security and Fraud Prevention

To protect our premises, customers, employees, and business data through measures such as CCTV surveillance, IT security, and access controls.

 

6. RETENTION OF PERSONAL DATA

We will retain personal data only for as long as is necessary to fulfil the purposes for which it was collected unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

1.    Legal and Regulatory Requirements: Certain data (e.g., invoices) must be retained for minimum periods under tax or financial laws (often 5–7 years, depending on jurisdiction).

2.    Contractual Obligations: Data linked to an ongoing service contract will be stored until the contract’s obligations are fulfilled and relevant claim limitation periods expire.

3.    Legitimate Business Purposes: Data needed for security (e.g., CCTV) or fraud-prevention may be stored for a reasonable period to protect our rights and interests.

4.    Consent-Based Processing: If the legal basis for processing is your consent, we will continue to process the data until you withdraw your consent or the purpose of the processing is achieved.

Once data is no longer needed, we will securely delete or anonymise it.

 

7. DATA SHARING AND INTERNATIONAL TRANSFERS

1.    Within the Group

Personal data may be shared among our Group companies in Estonia, Latvia, and Lithuania for business continuity, centralized administrative and financial functions, or unified marketing campaigns, where permitted by law and aligned with this Privacy Policy.

2.    Third-Party Service Providers

We may engage external providers (e.g., IT support, payment processors, marketing agencies) to process data on our behalf. Such providers will only have access to data necessary for their tasks and are contractually obligated to maintain confidentiality and adhere to data protection standards.

3.    Business Transfers

If we undergo any reorganization, merger, or acquisition, personal data may be transferred as part of the business transaction, subject to confidentiality arrangements.

4.    Legal Requirements

Where required by law or to protect our rights, property, or safety (or that of our customers or others), we may disclose personal data to law enforcement or relevant authorities.

5.    Transfers Outside the EEA

Generally, we aim to store and process personal data within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure an adequate level of protection by using EU Standard Contractual Clauses or other recognized transfer mechanisms, in accordance with GDPR.

 

8. YOUR RIGHTS

You have certain rights regarding your personal data under the GDPR and other applicable laws:

1.    Right of Access

You can request information about whether and how we process your personal data, and obtain a copy of it.

2.    Right to Rectification

You can request that inaccurate or incomplete personal data be corrected or updated.

3.    Right to Erasure (“Right to be Forgotten”)

In certain cases, you can request that we erase your personal data, for example if the data is no longer required for the purpose it was collected or if you withdraw your consent (where applicable).

4.    Right to Restrict Processing

You can request that the processing of your personal data be restricted if you contest its accuracy or if the processing is unlawful but you oppose erasure.

5.    Right to Data Portability

Where processing is based on your consent or the performance of a contract and is carried out by automated means, you can receive your personal data in a structured, commonly used, and machine-readable format, and request its transfer to another controller, where technically feasible.

6.    Right to Object

You can object to processing based on our legitimate interests or to direct marketing at any time.

7.    Right to Withdraw Consent

If our processing relies on your consent, you can withdraw it at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

To exercise any of the above rights, please contact us using the details in Section 12 (“Contact Us”). We may need to verify your identity before implementing your request.

 

9. VIDEO SURVEILLANCE (CCTV)

We may operate CCTV systems in certain premises for security, fraud prevention, and safety reasons. When you enter those areas, you may be captured on CCTV footage.

•    Storage Duration: CCTV footage is typically stored for up to 30 days unless required for a longer period (e.g., ongoing investigations).

•    Restricted Access: Only authorized personnel (or authorities, when legally permitted or required) have access to CCTV footage.

 

10. COOKIES AND SIMILAR TECHNOLOGIES

Our websites use cookies and similar technologies to enhance user experience, analyze traffic, and facilitate certain website functions. A cookie is a small text file that a website stores on your device. You can control and manage your cookie preferences through your browser settings. Please see our separate Cookie Policy (available on each website) for additional details about how we use cookies and how you can opt out.

 

11. SECURITY MEASURES

To protect your personal data, we implement appropriate technical and organizational measures, such as:

•    Firewalls, secure servers, and encryption of data in transit where appropriate.

•    Limitation of access to personal data solely to authorized persons on a need-to-know basis.

•    Incident management procedures in the event of data breaches, including notifications to supervisory authorities and, where appropriate, affected individuals.

 

12. CONTACT US

For any questions about this Privacy Policy or our data processing practices, or to exercise your rights, please reach out to us at:

Email: info@filmdistribution.eu

Postal Address: Theatrical Film Distribution OÜ, Põikmäe 4, 76406 Tänassilma, ESTONIA

 

If you have concerns regarding our handling of your personal data, you also have the right to lodge a complaint with your local supervisory authority (for instance, the Estonian Data Protection Inspectorate, Latvian Data State Inspectorate, or the Lithuanian State Data Protection Inspectorate) or another supervisory authority in the EU.

 

13. CHANGES TO THIS PRIVACY POLICY

We may update or modify this Privacy Policy from time to time to reflect changes in our data processing practices or to comply with new regulatory obligations. Any changes will be effective immediately upon posting the revised Policy on our websites, and the updated date will be indicated at the top of this document. We encourage you to periodically review this page for the latest information on our privacy practices.