Privacy Policy

Last updated: August 4, 2025

1. Introduction

This Privacy Policy describes how Kino (“we,” “our,” or “us”) collects, uses, and protects your personal information when you visit our portfolio website at ncm.im (the “Service”).

We are committed to protecting your privacy and ensuring transparency about our data practices. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

When you use our contact form, we collect:

  • Name (required)
  • Email address (required)
  • Subject line (required)
  • Message content (required)

2.2 Information Collected Automatically

We may automatically collect certain technical information when you visit our website:

  • IP address (only with your consent)
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Device information

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. See our Cookie Policyfor detailed information.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To respond to your inquiries and contact requests
  • To provide and improve our services
  • To analyze website usage and performance
  • To ensure website security and prevent fraud
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on:

  • Consent: When you provide explicit consent for data processing
  • Legitimate Interest: For website analytics and security purposes
  • Contract Performance: To respond to your inquiries
  • Legal Obligation: To comply with applicable laws

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • With trusted service providers who assist in website operations (under strict confidentiality agreements)

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • SSL/TLS encryption for data transmission
  • Secure server infrastructure
  • Access controls and authentication
  • Regular security assessments
  • Data minimization practices

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Contact form submissions: 2 years from submission date
  • Analytics data: 26 months (anonymized after 14 months)
  • Security logs: 1 year
  • Cookie data: As specified in our Cookie Policy

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Request transfer of your data
  • Restriction: Request limitation of data processing
  • Objection: Object to data processing
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, please contact us at the information provided in the Contact section below.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the “Last updated” date
  • Sending you an email notification for material changes

12. Data Subject Rights Request Process

To exercise your data protection rights, please follow this process:

How to Submit a Request

  1. Send an email to privacy@ncm.im with the subject line indicating your request type
  2. Include your full name and email address used for contact
  3. Specify which right you wish to exercise (access, rectification, erasure, etc.)
  4. Provide any additional details to help us locate your data
  5. We may request additional verification to confirm your identity

Request Types and Processing Times

  • Data Access Request: We will provide your data within 30 days
  • Data Correction Request: We will correct inaccurate data within 30 days
  • Data Deletion Request: We will delete your data within 30 days (subject to legal obligations)
  • Data Portability Request: We will provide your data in a machine-readable format within 30 days
  • Processing Restriction Request: We will restrict processing within 30 days

13. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@ncm.im

Website: ncm.im

Response Time: We will respond to your request within 30 days

Data Protection Officer: Available upon request for EU residents

14. Supervisory Authority

If you are located in the European Union and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

EU Residents: Contact your local Data Protection Authority

UK Residents: Information Commissioner's Office (ICO)

California Residents: California Attorney General's Office

Other Jurisdictions: Contact your local privacy regulator

15. Security Measures

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

  • • End-to-end encryption for data transmission
  • • Secure server infrastructure with regular updates
  • • Multi-factor authentication for admin access
  • • Regular security vulnerability assessments
  • • Automated backup and disaster recovery

Organizational Safeguards

  • • Access controls and role-based permissions
  • • Regular security training and awareness
  • • Incident response and breach notification procedures
  • • Third-party security audits and assessments
  • • Data minimization and retention policies