1. Overview

Small Screen Machine is the on demand platform owned and operated by Regional Screen Scotland. Regional Screen Scotland (referred to as either “The Company”, “we”, “us” or “our”) is the controller of your personal data (for the purposes of the General Data Protection Regulation). We are committed to respecting your privacy and protecting your personal data. We respect your privacy. Your use of the Platform is subject to our Privacy Policy This policy is subject to General Data Protection Regulation (GDPR.)

Government guidance on GDPR can be found here.

Regional Screen Scotland’s Data Management Policy can be found here.

2. The information we collect

This notice applies to all information collected or submitted on The Company’s website. This information may include, but is not limited to:
- Name
- Email address
- Date of birth
- Gender
- IP Address
- Browser and device Information
- Viewer metrics
- Purchase and payment details

3. Our basis for collecting your personal data

In respect of each of the purposes for which we use your Personal Data as outlined above, the GDPR requires us to ensure that we have a “legal basis” for that use. Most commonly, we will rely on one of the following legal bases:

Contractual Necessity: Where we need to perform a contract we are about to enter into or have entered into with you Legitimate Interests: Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests. Compliance with Law: Where we need to comply with a legal or regulatory obligation, such as age verification Consent: Where we have your specific consent to carry out the processing for the Purpose in question

Generally we do not rely on your consent as a legal basis for using your Personal Data other than in the context of direct marketing communications.

4. The Way We Use Information

We use the information you provide about yourself when joining The Company to complete your Profile. We do not share this information with outside parties except to the extent required by law or necessary to the running of this site. Your email, name and credit card details are not shown publicly.
We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
We use non-identifying and aggregate information to better design our website and to share with advertisers. For example, we may tell an advertiser that X number of individuals visited a certain area on our website, or that Y number of men and Z number of women filled out our registration form, but we would not disclose anything that could be used to identify those individuals.
Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.

5. Our Commitment to Data Security

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

6. How long we store your personal data

We will only retain your Personal Data for so long as we reasonably need to use it for unless a longer retention period is required by (for example for regulatory purposes).

7. Our Commitment to Children’s Privacy

This website is not intended for anyone below the age of 18 and we do not knowingly collect data relating to such people.

8. How You Can Access and Correct Your Information

You can access all your personally identifiable information that we collect online and maintain by visiting your Account Settings page. We use this procedure to better safeguard your information.
You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error.
To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.

9. The Video Privacy Protection Act of 1988

The Company adheres to The Video Privacy Protection Act of 1988.

10. How to Cancel Your Account

Contact us if you wish to have your account permanently deleted.

11. How to Contact Us

Should you have other questions or concerns about these privacy policies, send us an email. Contact information can be found on The Company’s Contact Us page.

12. Use of Cookies

We use two broad categories of cookies; first party cookies, served directly by us to your computer or mobile device, and third party cookies, which are served by service providers on our Site, e.g. embedded Youtube videos.

Regional Screen Scotland uses the following types of cookies for the purposes set out below:
Essential cookies: These cookies are essential to provide you with services available through our site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our site and help the content of the pages you request to load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies: These cookies allow our site to remember choices you make when you use our site, such as remembering your login details and remembering the changes you make to other parts of our site which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our site.
Analytics cookies: These cookies are used to collect information about traffic to our site and how users use our site. The information gathered via these cookies does not directly identify any individual visitor. However, it may render such visitors _indirectly _identifiable. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access our site. The information collected is aggregated and anonymous. It includes the number of visitors to our site, the websites that referred them to our site, the pages they visited on our site, what time of day they visited our site, whether they have visited our site before, and other similar information. We use this information to help operate our site more efficiently, to gather broad demographic information and to monitor the level of activity on our site.
If you do not accept our cookies, you may experience some inconvenience in your use of our site. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit our site.

13. Use of Third Party Services

13.1 Google Analytics

We use Google Analytics to help us to understand how you use our site and tools, which allows us to know how to improve our products for your benefit. It follows your progress through the website, collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. Google then stores this data in order to create reports. But don’t worry; they do not store your personal data. Google will track your IP address, and it may be transmitted to and stored by Google on servers in the United States. Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us, and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. For more information on Google’s privacy policies, please visit https://policies.google.com/privacy. Google Analytics services are governed by the Google Analytics Terms of Service which can be found at: https://marketingplatform.google.com/about/analytics/terms/us/.

13.2 Intercom

We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilise Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyses your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom’s use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms.

13.3 Mandrill

We use Mandrill to send transactional emails, such as a welcome email, purchase receipt, or forgot password email. We provide a limited amount of your information, such as your email address, to The Rocket Science Group LLC, who operate Mailchimp and Mandrill. We utilise Mandrill to collect data for analytics purposes when you view the email. For more information on the privacy practices of Mandrill, please visit https://mailchimp.com/legal/privacy/. Mandrill’s services are governed by Mailchimp’s terms of use which can be found at https://mailchimp.com/legal/terms/.

13.4 Amazon Web Services

We use Amazon Web Services (AWS) who provide us with cloud storage solution. AWS has demonstrated compliance with a range of internationally recognised standards for content, data and infrastructure security, such as information security management system- ISO-27001, System and Organization Controls Report- SOC1/2, and The Payment Card Industry Data Security Standard; in addition, AWS has demonstrated alignment with the MPAA Content Security Best Practices and the AWS infrastructure is compliant with all applicable MPAA controls. For more information on AWS’ privacy policy please see: https://aws.amazon.com/privacy/

13.5 Stripe

We use a third party payment processor, Stripe, to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third party processor, Stripe, whose use of your personal information is governed by their privacy policy, which may be viewed at https://stripe.com/nz/privacy. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification.