PRIVACY POLICY

Last updated 04 Nov, 2021

PLEASE READ THIS PRIVACY POLICY AND THE RELATED TERMS OF USE CAREFULLY BEFORE USING THIS SERVICES. BY USING THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY INCLUDING WITHOUT LIMITATION, THE ARBITRATION AGREEMENT AND CLASS ACTION WAIVER DESCRIBED IN SECTION 15 BELOW.

EFC PRIVACY POLICY

Your Privacy Rights

This Privacy Policy describes the types of information gathered by EFC, Inc. (“EFC”, “us” or “we”) in the process of providing this website (the “Site”), and the associated services, data, information, tools, functionality, updates and similar materials (collectively, the “Service”), how we use it, with whom the information may be shared, what choices are available to you regarding collection, use and distribution of information and our efforts to protect the information you provide to us through the Service. It is important that you take the time to read and understand this Privacy Policy so that you can appreciate how we use your personal information.

Please also refer to our

http://www.ethiopiafilmcommission.com/termsofservice , which are incorporated as if fully recited herein. Terms defined in the Terms of Service that are not defined herein shall have the same definition as in the Terms of Service.

This Privacy Policy is subject to the provisions of the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act of 2018 (“CCPA”), and other applicable privacy laws. EFC agrees that under the GDPR, it is a data “Controller” and you, if you are an individual and reside in the European Union, Switzerland, the United Kingdom, or Northern Ireland (collectively the “EEA”), are a “Data Subject” with certain protected privacy rights concerning your “Personal Data.” Similarly, under the CCPA, we are a “Business”, and you, if you are an individual residing in California, are a “Consumer” with certain protected privacy rights concerning your “Personal Information”. We will take commercially reasonable steps to maintain compliance with GDPR and CCPA requirements. Your Personal Data and Personal Information may identify you as a person, and thus may be referred to as Personally Identifiable Information ("PII").

1. Who Collects Your Information On Our Service?

We do. We collect information from you on the Service, and we are responsible for protection of your PII.

2. What Information Does EFC Collect?

A. Requested Information. During onboarding as a user of the Service, depending on whether you are acting as a Buyer (defined in our Terms of Service) or a Seller of services, we may request specific PII about you in order to add you as a user, add you to our email list, facilitate your payments for Service, or fulfill your requests for services or information. You may choose not to provide your PII, but then you might not be able to take advantage of some of the features of our Service. The types of PII that we collect and save include:

From Sellers:

o Contact and account information, such as name, mailing address, geographical coordinates, email address, phone number, payment account information (e.g. credit card number, cvv, and/or bank account numbers) and username;

o Employment information, such as your work history, and possibly your educational transcripts;

o Demographic information, such as age, gender, ethnic background and/or race; and

o Technical information, collected in our logs and via cookies. Such information may include standard web log entries that contain your device identifiers (including mobile devices) and information, operating system information, usage statistics, clickstream data, IP address, previous page URL, referring page URL and timestamps.

From Buyers:

o Contact and account information, such as name, mailing address, geographical coordinates, email, payment account information (e.g. credit card number, cvv, and/or bank account numbers) and phone number; and

o Technical information, collected in our logs and via cookies. Such information may include standard web log entries that contain your device identifiers (including mobile devices) and information, operating system information, usage statistics, clickstream data, IP address, previous page URL, referring page URL and timestamps.

B. Aggregate Information. We may also collect anonymous, non-identifying and aggregate information such as the type of browser you are using, the type of operating system you are using, the date and time of any request, language preference, referring site, and the domain name of your Internet service provider.

C. Financial Information. We may collect financial information from you on the Service. Normally, where we need information in our Service for payments, we use third party service providers to process payments for the Service and they collect financial information, such as credit card number, name, CVV code or date of expiration, and/or bank account and routing numbers, from you on the Service, not EFC. However, in some instances, where a third party payment processor cannot be used, we will act as the payment processor and collect the necessary financial information from you in order to process the Service payments.

D. User Content. We may collect information that you upload or otherwise submit to the Service as User Content. We collect User Content only if, and to the extent that, you upload or otherwise submit it to the Service. User Content shall only contain your PII to the extent that you, or another user authorized by you, include such PII in such User Content.

3. Why Is My Information Being Collected?

We need to collect your PII so that we can respond to your requests for information or to be added to our email lists, and to process your requests to access, and make payment for or receive payment from, the Service. We also collect aggregate information to help us better design the Service. We collect log information for monitoring purposes to help us to diagnose problems with our servers, administer the Service, calculate usage levels, and otherwise provide services to you.

We collect User Content for purposes of providing the Services and to anonymize and use as described herein.

Further details on our legal basis for collecting and processing your PII is included in Section 10.

4. How Do We Use the PII We Collect?

A. If you are a resident of the EEA, United Kingdom or Switzerland, we only process and use PII in compliance with GDPR requirements.

B. We use the PII you provide for the purposes for which you have submitted it including:

Responding To Your Inquiries and Fulfilling Your Requests . We may use your PII to respond to your inquiries and to fulfill your requests for information.

Creating and Maintaining Your User Account . We use your PII to create and maintain an account for you to allow you to purchase and use the Service.

· Subscribing to the Service. We may use your PII to add your subscriptions to our Service.

· Paying for the Service. Generally, your information is collected and processed through a third party service provider. From time to time, however, we may have to act as the payment processor, and will process and store your financial information, including credit card or other payment method information.

· Communicating With You About Our Services. We may use your PII to send you information about new services and other items that may be of interest to you

· Sending Administrative Communications. We may use your PII to send you emails or push notifications to: (a) confirm your account information and your other PII; (b) process your transactions to purchase our Service; (c) provide you with information regarding the Service; or (d) inform you of changes to this Privacy Policy, our Terms of Service, or our other terms, conditions, or policies.

C. We may use anonymous information that we collect to improve the design and content of our Service, and to enable us to personalize your internet experience. We also may use this information in the aggregate to analyze how our Site is used, as well as to offer you programs or services.

D. We may use your User Content to provide certain functionalities of the Service, as directed by you. We may also anonymize your User Content and use it for purposes of improving the design and content of our Service, analyzing how the Service is used, and performing analytics and benchmarking, and for general business purposes.

5. Do We Share Your PII?

We will not share your PII except: (a) for the purposes for which you provided it; (b) with your consent; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (d) with persons or organizations with whom we contract to perform services for us, including the performance, or development of, aspects of the Service and other internal operations or business activities. Our Service may use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). For more information on how Google uses data when you use our Site or Service, please follow this link: https://policies.google.com/technologies/partner-sites . You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on, available at, https://tools.google.com/dlpage/gaoptout. We may also share aggregate information with others, including affiliated and non-affiliated organizations. Finally, we may transfer your PII to our successor-in-interest in the event of an acquisition, sale, merger or bankruptcy.

We may share your User Content with other users via the Service, as directed by you. We may use and share anonymized User Content for purposes of improving the design and content of our Service, analyzing how the Service is used, performing analytics and benchmarking, and for general business purposes. We do not disclose any Personal Data to, nor do we have any connection or partnership with, social media sites, platforms, or companies

In the event that we share, or otherwise transfer, Personal Data covered by the GDPR and this Privacy Policy to a third party, we will only do so if: (x) that third party, except in cases of government or law enforcement agencies, gives us contractual assurances that it will comply with the GDPR; and (y) to the extent necessary, have in place a GDPR compliant procedure in place to protect the transfer, e.g GDPR standard contractual clauses or Privacy Shield certification, prior to such transfer

6. How Can You Access And Control Your Information?

After becoming a user of the Service, you may view, revise or edit certain personal information associated with you by logging into the Service, or by sending an email to info@ethiopiafilmcommission.com.

For instructions on how you can further access your personal information that we have collected, or how to correct errors in such information, please send an email to info@ethiopiafilmcommission.com. We will also promptly stop processing your information and remove it from our servers and database at any time upon your e-mail request, where required by law. To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information.

7. How We Store and Protect Your Information

A. After receiving your PII, we will store it on our servers for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect. Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers' systems.

B. If you are accessing the Service from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our servers and internal systems located within the USA.

C. We store your PII until the earlier of (i) your PII no longer being necessary for the purposes for which it was being processed; (ii) our deletion of your PII in accordance with our data retention decisions as well as retention and other internal policies; or (iii) your request that we remove it from our servers, except in cases where we have the legal obligation, or authority, and we elect, to maintain that information. We store our logs and other technical records indefinitely.

8. How Do We Use Cookies And Other Network Technologies?

A. To enhance your online experience with us, our web pages may use "cookies." Cookies are text files that our web server may place on your hard disk to store your preferences. Cookies, by themselves, do not tell us your email address or other PII unless you choose to provide this information to us. Once you choose to provide PII, however, this information may be linked to the data stored in the cookie. Certain features of the Services may not function properly without the aid of cookies. EFC uses session cookies, which are necessary to allow you to seamlessly navigate from one page or area of the Site to another during your visit, and these are normally deleted when you close your web browser. We also use persistent cookies for your convenience so that you can log in faster, your preferences are remembered from visit to visit, and that you have an overall more convenient experience while visiting our Site. Google may additionally use your information as described here, https://policies.google.com/technologies/partner-sites?hl=en-US. You may be able to opt out of Google's collection and/or use of your information. Please visit Google's Ads Preferences Manager or the Google Analytics opt-out browser add-on for more information.

B. We or our service providers may also use "pixel tags," "web beacons," "clear GIFs" or similar means (collectively, "Pixel Tags") in connection with some EFC Site pages and HTML-formatted email messages for purposes of, among other things, compiling aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on visitors’ hard drives. Pixel Tags allow us and our service providers to count users who have visited certain pages of the EFC Site, to deliver customized services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can inform the sender of the email whether and when the email has been opened.

C. As you use the internet, you leave a trail of electronic information at each website you visit. This information, which is sometimes referred to as "clickstream data”, can be collected and stored by a website's server. Clickstream data can reveal the type of computer and browsing software you use and the address of the website from which you linked to our Site. We may use clickstream data as a form of non-personally identifiable information to determine how much time visitors spend on each page of our Site, how visitors navigate through the Site, and how we may tailor our web pages to better meet the needs of visitors. We will only use this information to improve our Site.

D. Do Not Track. At present, the Site does not specifically respond to browser do-not-track signals.

9. Collection of Information by Others

Our Terms of Service may provide links, and that you may access through our Site, to certain third party websites. When you leave our Service, please check the privacy policies of these other websites to learn how they collect, use, store and share information that you may submit to them or that they collect. We are not responsible for the privacy practices of such other sites. This privacy policy applies solely to information collected by EFC through the Service.

10. Our Legal Basis For Processing Your PII

Data protection laws require us to explain to you our legal basis for processing your PII. Most commonly, we will use your PII under the following legal bases:

A. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

B. Where we need to perform the contract we are about to enter into or have entered into with you. For example, any Terms of Service entered into between us and you.

C. Where we need to comply with a legal obligation.

D. Where we have obtained your consent to process your PII.

11. Data Subject Rights

If you are a data subject as defined under the GDPR, you have the following rights:

A. The right to be informed. This is your right to be informed about what Personal Data we are processing, why, and who else the data may be passed to.

B. The right of access. This is your right to see what Personal Data about you is held by us.

C. The right to rectification. This is the right to have your Personal Data corrected or amended if what is held is incorrect in some way.

D. The right to erasure. This is the right to have your Personal Data to be deleted in the event that such data is no longer required for the purposes it was collected for, your consent for the processing of the data is withdrawn, or the data is being unlawfully processed.

E. The right to restrict processing . This is the right to ask for a temporary halt to processing of your Personal Data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.

F. The right to data portability . This is the right to ask for your Personal Data to be provided to you in a structured, commonly used, and machine-readable format.

G. The right to object. This is the right to object to further processing your Personal Data if such processing is inconsistent with the primary purposes for which it was collected.

H. Rights in relation to automated decision making and profiling. This is the right to not be subject to a decision based solely on automated processing. The Service does not engage in automated decision making and profiling.

I. Judicial Remedy. Notwithstanding anything to the contrary in this Privacy Policy, if you feel that we or one of our processors, if any, have infringed your rights under the GDPR, or that we are otherwise not in compliance with the GDPR with respect to your Personal Data, you may bring a legal proceeding against us in a court, or file a complaint with a supervisory authority, located in the EEA country where you regularly reside.

You can find instructions for enforcing some of these rights in Section 6 and elsewhere in this Privacy Policy. Otherwise, if you wish to find out more about these rights, please contact us at info@ethiopiafilmcommission.com.

12. Children and Young People’s Information

We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, the CCPA, the USA Children's Online Privacy Protection Act (“COPPA”), and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC's website (www.ftc.gov) for more information. If you have concerns about this Site, wish to find out if your child has accessed our services, or wish to remove your child's personal information from our servers, please contact us at info@ethiopiafilmcommission.com . Our Site will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without the consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with the COPPA. If you believe that your child under 13 has gained access to our Site without your permission, please contact us at info@ethiopiafilmcommission.com.

13. Consumer Rights under the CCPA

Description of a California Consumer’s Rights under the CCPA

The CCPA applies to our practices with respect to Personal Information of California residents. Under the CCPA, Consumers have certain rights regarding their Personal Information.

1, The CCPA applies to our practices with respect to Personal Information of California residents. Under the CCPA, Consumers have certain rights regarding their Personal Information.

Identifiers. Identifiers can be your name, mailing address, social security number, unique personal identifiers (device identifier, IP Address, cookies, beacons, pixel tags, mobile ad identifiers), account names, and similar information; We collect the identifiers from the consumers themselves, third parties, and automatic means;

Personal Information Under the California Customer Records Law (Cal. Civ. Code §1798.80) (“CCRLPI”);

Characteristics of Protected Classes. These characteristics can be your race, age, religion, ethnic origin, sexual orientation, gender, physical/mental disability, and similar information;

Commercial Information. Commercial information includes records of personal property, products or services purchased, obtained or considered, or other purchased or consuming histories or tendencies;

Internet/Network Activity. Internet Activity Information includes browsing history, cookies, search history and a consumer’s interaction with a website;

Geolocation Data. Geolocation Data includes GPS data;

Employment Information. Employment Information includes employment history;

Non-public educational information (“NPEI”). This information can include student’s name, address of student, SSN or student id number, and indirect identifiers such as DOB; and

Inferences drawn from any other category of personal information.

We collect Personal Information in the above categories from the consumers themselves and by automatic means for the purposes described in Section 4 above, and as required to comply with applicable law.

2. As a California consumer, you also have the right to request that we tell you which of your Personal Informationwe have disclosed for a business purpose, or sold, in the previous 12 months. With respect to Personal Information being disclosed for a business purpose, the consumer shall receive the categories of information disclosed and the types of entities they have been disclosed to. This right may not be exercised more than twice in a 12 month period. For Personal Information being sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold. In the past 12 months, we have disclosed personal information falling under the following categories of Personal Information:

Identifiers; CCRLPI; Characteristics of Protected Classes; Commercial Information; Geolocation Data; Employment Information; and NPEI.

We disclose Personal Information in the preceding categories to the consumers themselves, to other users/third parties as the consumer may direct, service providers, third parties, and government/law enforcement agencies for the purpose it was provided/provision of Services, to comply with applicable law, and as otherwise described above in Section 4.

IN THE PAST 12 MONTHS WE HAVE NOT SOLD, AND DURING THE PERIOD OF TIME WHICH THIS PRIVACY POLICY IS POSTED WE SHALL NOT SELL, THE PERSONAL INFORMATION OF ANY CONSUMER, INCLUDING MINORS UNDER THE AGE OF 16.

3. You also have the right to request the deletion of the Personal Information that we have collected from you at any time. However, we may not be required to comply with such request under several circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes.

4. In the event that you exercise one of your rights under the CCPA, you will not be discriminated by us in any way, including by the denial of goods or services, providing you a different level of goods or services, or charging you different prices or rates for the goods or services, unless the change in price is reasonably related to the value you receive from your personal information.

How do you exercise your rights under the CCPA?

Because we offer the Services exclusively online, you may submit your requests to exercise your rights under the CCPA by emailing us at info@ethiopiafilmcommission.com , please include “Request for Privacy Information” in the subject line.

We will acknowledge receipt of your request within 10 business days of receiving it, and will do our very best to respond within 45 calendar days of receipt of your request, and in no event will our response come more than 90 days after receiving your request. If we are unable to provide our response within the first 45-day window, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond.

Before we respond to any CCPA based requests relating to your personal information, we will take steps to reasonably verify the identity of the person making the request (“Requestor”) to make sure it’s you, or your authorized agent. We do this to this avoid disclosing your information to third parties and bad actors, not to inconvenience you in any way. To do this, we will ask the Requestor to confirm at least two pieces of information that we have in our files. As the sensitivity of the information being requested goes up, we will ask the Requestor to confirm more pieces of information. If an agent is acting on behalf of the consumer, we will need to also verify the agent’s identity and their authority to act on the consumer’s behalf. For requests to delete information, after verification, we will confirm the consumer’s desire to delete one final time before actually deleting the information. If the identity of the Requestor cannot be reasonably verified, either as the consumer or their agent, then in order to protect that consumer, we shall not disclose the personal information requested.

14. Changes to this Policy

Because our business needs may change over time, we reserve the right to modify this Privacy Policy. If at any time in the future we plan to use your data, or our general privacy practices, change(s) materially from as described in this Privacy Policy, we will revise this Privacy Policy as appropriate. In the event of a change to our Privacy Policy, we will email the updated policy to the email address that you provided to us. Your continued use of the EFC Service following our notice of changes to this Privacy Policy means you accept such changes. Please refer to the “Effective Date” above to see when this Policy was last updated.

15. Arbitration; Governing Law and Jurisdiction (does not apply to residents of the EEA with respect to claims arising under to or relating to the GDPR)

You unconditionally consent and agree that any claim or dispute arising out of or relating in any way to the Service will be resolved solely and exclusively by binding arbitration, rather than in court, except that you may assert claims in small claims court if your claim(s) qualify. The Federal Arbitration Act and federal law apply to this Privacy Policy. The laws of the State of New York shall govern this Privacy Policy, and shall be used in any arbitration proceeding.

There is no judge or jury in arbitration, and court review of an arbitration award is limited. However, an arbitrator can award on an individual basis the same damages and relief as a court (including injunctive and declaratory relief or statutory damages), and must follow the terms of this Privacy Policy as a court would.

To begin an arbitration proceeding, you must send a letter requesting arbitration and describing your claim to the following address: Legal Department, EFC, Inc., 185 Wythe Avenue, 2nd Floor, Brooklyn, New York 11249. Arbitration under this Agreement will be conducted by the American Arbitration Association (AAA) under its rules then in effect, shall be conducted in English, and shall be located in New York City, New York. Payment of all filing, administration and arbitrator fees will be governed by the AAA's rules. All aspects of the arbitration proceeding, and any ruling, decision or award by the arbitrator, will be strictly confidential for the benefit of all parties.

You and EFC agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated or representative action. If for any reason a claim proceeds in court rather than in arbitration, both you and EFC agree that each have waived any right to a jury trial.

Notwithstanding the foregoing, you agree that we may bring suit in court to enjoin infringement or other misuse of intellectual property or other proprietary rights.

To the extent arbitration does not apply, you agree that any dispute arising out of or relating to the Service, or to us, may only be brought by you in a state or federal court located in New York City, New York. YOU HEREBY WAIVE ANY OBJECTION TO THIS VENUE AS INCONVENIENT OR INAPPROPRIATE, AND AGREE TO EXCLUSIVE JURISDICTION AND VENUE IN NEW YORK.

16. Our Contact Information

If you have any questions or concerns about this Privacy Policy you may email us at info@ethiopiafilmcommission.com. Copyright © Ethiopia Film Commission, Inc. All rights reserved. The Site and Service are the property of EFC, and are protected by United States and international copyright, trademark, and other applicable laws. This includes the content, appearance, and design of the Site and Service, as well as the trademarks, product names, graphics, logos, service names, slogans, colors, and designs.