Privacy Policy

PRIVACY POLICY

Last Modified: 16th Dec. 2025

This Privacy Policy, together with our Terms of Use, explains how the Silk Road International Film Festival (“SRIFF”, “we”, “us”, “our”) collects, uses, stores and protects your personal data when you visit our website (“Site”) or engage with our Festival, services or digital platforms (including Silk Road ON DEMAND).

By using the Site, you acknowledge and agree to the practices described in this Privacy Policy. If you do not agree, you must discontinue use of the Site.

 

1. GDPR COMPLIANCE

All personal data is collected and processed in accordance with:

  • The General Data Protection Regulation (EU) 2016/679 (“GDPR”)

     

  • The Data Protection Act 2018 (Ireland)

     

  • Applicable guidance from the Irish Data Protection Commission (DPC)

     

  • Rules regarding cookies under the EU ePrivacy Directive

     

2. IDENTITY OF THE DATA CONTROLLER

The Data Controller is:

Silk Road International Film Festival
Address Silk Road Film Festival Ltd Ground Floor 71 Lower Baggot Street Dublin D02P593 Ireland
 Email: info@silkroadfilmfestival.com
 Hours: Monday–Friday, 9:30am–5:30pm (excluding holidays)

3. TYPES OF PERSONAL DATA WE COLLECT

We collect the following categories of data:

3.1 Data You Provide Directly

  • Name, email address, phone number

     

  • Film submission details

     

  • Ticket purchase details

     

  • Payment information (processed securely via third-party providers; we do not store card numbers)

     

  • Accessibility requirements (only where necessary to fulfil requests)

     

  • Newsletter/marketing preferences

     

  • Any Content you submit (reviews, comments, etc.)

     

3.2 Data Collected Automatically

  • IP address

     

  • Browser type and device type

     

  • Pages visited, clicks, viewing history

     

  • Cookies and tracking technologies (see Section 9)

     

3.3 Data from Third Parties

  • Ticketing platforms

     

  • Marketing platforms

     

  • Analytics providers

     

  • Payment processors

     

4. LAWFUL BASES FOR PROCESSING

We process personal data under the following legal bases:

4.1 Consent

  • Newsletter subscriptions

     

  • Marketing communications

     

  • Optional cookies

     

  • Film-submission communications

     

You may withdraw consent at any time.

4.2 Contract

To fulfil services you request, such as:

  • Ticket purchases

     

  • Film submissions

     

  • Online screening access

     

  • Festival participation

     

4.3 Legitimate Interests

Including:

  • Website security

     

  • Preventing fraud

     

  • Improving user experience

     

  • Analytics to understand audience behaviour

     

  • Marketing to existing customers (per GDPR and ePrivacy rules)

     

4.4 Legal Obligation

  • Tax and audit requirements

     

  • Safety obligations at screenings

     

  • Responding to lawful requests from authorities

     

5. HOW WE USE YOUR PERSONAL DATA

We use your data for:

  • Processing ticket purchases and film submissions

     

  • Providing access to Silk Road ON DEMAND

     

  • Sending updates, newsletters and marketing (where permitted)

     

  • Responding to queries

     

  • Improving the Site through analytics

     

  • Ensuring venue accessibility requirements

     

  • Fraud prevention and security

     

  • Compliance with legal obligations

     

We never sell or rent your data.

6. DISCLOSURE OF PERSONAL DATA

We may share your personal data with:

6.1 Trusted Service Providers (Data Processors)

Including but not limited to:

  • MailChimp (email marketing)

     

  • Ticketsolve (ticketing)

     

  • Ticket Tailor (ticketing)

     

  • Google Analytics & Google Tag Manager

     

  • Facebook/Meta advertising tools

     

  • Payment processors (Stripe, PayPal, etc.)

     

All processing is governed by GDPR-compliant Data Processing Agreements.

6.2 Event Partners

Only where necessary (e.g., accessibility needs, guest lists), and only with your consent or legitimate interest basis.

6.3 Legal or Business Circumstances

  • Sale or acquisition of Festival businesses or assets

     

  • Court orders or legal obligations

     

  • Fraud or security investigations

     

Personal data will only be shared where lawful and necessary.

7. INTERNATIONAL DATA TRANSFERS

Some processors (e.g., MailChimp, Meta, Google) store data outside the EU.

Where this occurs, we ensure it is protected through one or more of:

  • EU Standard Contractual Clauses (SCCs)

     

  • Adequacy decisions

     

  • Supplementary technical and organisational safeguards

     

We only transfer personal data outside the EU when legally permitted and necessary.

8. SECURITY & STORAGE OF PERSONAL DATA

We use industry-standard safeguards to protect your personal data, including:

  • Encrypted data transmission

     

  • Secure servers

     

  • Access controls and authentication

     

  • Restricted access to staff on a need-to-know basis

     

However:

No method of internet transmission is 100% secure. You transmit information at your own risk.

Data Retention

We retain personal data:

  • For as long as needed to fulfil the purpose it was collected for

     

  • As required by law (e.g., ticketing and transaction records for 7 years)

     

  • Or until you request deletion (where permitted)

     

Marketing consent is retained until you unsubscribe.

9. COOKIES & TRACKING TECHNOLOGIES

We use cookies for:

  • Site functionality

     

  • Analytics and performance (Google Analytics)

     

  • Advertising and remarketing (Facebook Pixel, Google Ads)

     

  • Fraud prevention

     

You can control cookies through your browser settings or opt-out tools.

Optional cookies will only be used with your consent.

10. LINKS TO EXTERNAL SITES

Our Site may link to third-party websites.
 We are not responsible for their privacy practices.

You should review their privacy policies separately.

11. CHILDREN’S DATA

Our Site and Festival are not intended for children under 16.
 We do not knowingly collect data from children without parental consent.

If you believe we have collected such data, contact us to request deletion.

12. DATA SUBJECT RIGHTS

Under GDPR, you have the right to:

  • Access your personal data

     

  • Rectify inaccurate data

     

  • Erase your data (“right to be forgotten”)

     

  • Restrict processing

     

  • Object to processing (including marketing)

     

  • Data portability

     

  • Withdraw consent at any time

     

  • Lodge a complaint with the Irish Data Protection Commission (DPC)

     

Requests should be sent to info@silkroadfilmfestival.com.
 We may request proof of identity to protect your information.

13. AUTOMATED DECISION-MAKING

We may use automated systems for:

  • Remarketing

     

  • Audience segmentation

     

  • Ticketing workflows

     

You may opt out of automated marketing at any time.

We do not use automated decision-making that has legal or significant effects on individuals.

14. DATA BREACH POLICY

In the event of a data breach involving personal data:

  • The Irish Data Protection Commission will be notified within 72 hours (if required by GDPR).

     

  • Affected individuals will be informed without undue delay where the breach poses a high risk.

     

  • We will take immediate steps to mitigate any harm.

     

15. CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time.
 The “Last Modified” date will indicate the latest version.

Continued use of the Site after updates constitutes acceptance.

16. CONTACT

Questions, corrections, data requests or complaints should be sent to:
 info@silkroadfilmfestival.com