Privacy Policy

1. Introduction and Data Controller

Atlas Distribution GmbH operates the Miralot platform and is the data controller responsible for processing your personal data in accordance with the EU GDPR and German BDSG.

2. Scope of This Privacy Policy

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Miralot platform. It applies to all users, including filmmakers, production companies, distributors, and festival organizers. By using our services, you acknowledge that you have read and understood this Privacy Policy.

3. Personal Data We Collect

4. How We Use Your Personal Data

5. Cookies and Tracking

Essential Cookies (always active): Session management, authentication, security, CSRF protection, load balancing.

Optional Cookies (require consent): Pirsch Analytics (EU-based), potentially Google Analytics, A/B testing, Facebook Pixel.

Manage preferences via our cookie banner, account settings, or browser settings. Disabling essential cookies may affect functionality.

6. Data Sharing

7. International Data Transfers

Transfers outside EU/EEA occur for: festival submissions (with consent), payment processing (protected by SCCs), and potential Google Analytics (anonymized, with consent).

We ensure protection through Standard Contractual Clauses, explicit consent, and anonymization where possible.

8. Data Retention

Active accounts: Data retained while account is active.

After termination: Personal data deleted within 90 days; anonymized metadata may be retained (you can object); invoices retained 10 years for tax compliance.

IP addresses: Anonymized/deleted after 7 days. Server logs retained 31 days.

Backups: May retain deleted data up to 90 days.

9. Your Data Protection Rights

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion (exceptions apply for legal requirements)
• Restriction: Limit how we use your data
• Portability: Receive data in machine-readable format
• Object: Object to processing based on legitimate interests or direct marketing
• Withdraw consent: For newsletter, promotional materials, optional cookies

Lodge a complaint: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, Germany

Exercise your rights: Contact legal@miralot.com. We respond within 30 days.

10. Security Measures

Technical: SSL/TLS encryption, encrypted password storage (bcrypt/Argon2), EU-based servers, role-based access controls, encrypted backups, log file monitoring.

Organizational: Data processing agreements, employee training, incident response procedures, security audits, privacy by design principles.

Your responsibility: Keep login credentials secure. Notify legal@miralot.com immediately if you suspect unauthorized access.

11. Children's Privacy

Miralot is not intended for children under 18. Users under 18 may only use our services under parental supervision with consent. If we learn we have collected data from a child under 18 without parental consent, we will delete it promptly.

12. Server Log Files

Our hosting provider collects: accessed files, date/time, data transferred, browser type, operating system, referrer URL, IP address (anonymized after 7 days), and access provider. Log files retained maximum 31 days for security purposes.

13. Changes to This Policy

We may update this Privacy Policy. Material changes will be notified by email at least 6 weeks in advance. Continued use after changes constitutes acceptance. Current version available at: http://www.miralot.com/privacy

14. Contact Information