Companies within Viaplay Group
Personal data may be disclosed to other companies within Viaplay Group if necessary for either business, legal or other legitimate purposes. Viaplay Group companies with access to personal data follow our internal practices on how to process personal data and there is an Intra Group Transfer Agreement in place covering such processes.
Third parties for security or other legitimate reasons
We may disclose personal data to third parties if we reasonably believe that disclosure of such personal data is necessary:
- to comply with valid legal obligations including subpoenas, court orders, governmental requests or search warrants, and as otherwise authorised by law - we assess and document each request thoroughly;
- to protect our rights or property, or the safety of our customers or employees;
- to protect against fraudulent, malicious, abusive, unauthorised or unlawful use of, or subscription to, our services and to protect our network, services, devices and customers from such use;
- to advance or defend against complaints or legal claims in court, administrative proceedings and elsewhere;
- as part of mergers or acquisitions, provided that the prospective buyer or seller agrees to respect processing of personal data in a manner consistent with data protection legislation;
- to outside auditors and regulators.
Third party suppliers – as processors
We authorise third party suppliers to perform selected services for us, such as infrastructure and IT services (including but not limited to data storage), provision of communication, customer management, marketing and statistical analyses tools. In the performance of these services, third party suppliers may have access to personal data but are only authorised to process this data strictly on our behalf, in accordance with our instructions and bound by specific data processing agreements.
Joint controllers
Viaplay Group may process personal data jointly with another controller.
If personal data is collected for processing by us jointly with another controller, the individuals affected will be informed accordingly.
In the event of a joint controllership, Viaplay Group and the other controller enter into an arrangement whereby areas of responsibility towards individuals are regulated. Irrespective of the terms of the arrangement, an individual may always exercise their rights in respect of and against each of the controllers.
Where do we process personal data?
We strive to the greatest extent possible to process personal data within the European Union and/or the European Economic Area (“EEA”). Unfortunately, this is not always possible, as many necessary service providers process data outside the EU/EEA. If personal data is to be transferred to or accessed from a destination outside the EU/EEA, we perform transfer impact assessments and take all necessary steps to ensure that the data is processed securely in accordance with relevant data protection laws and practices. Such transfers only occur to countries that offer an adequate level of data protection or where necessary safeguards are in place to reach such adequate levels, such as standard contractual clauses and binding corporate rules together with appropriate supplementary measures.
*In 2023, Viaplay Group received seven requests for customer information from government or law enforcement agencies. All were approved following the internal disclosure procedure.