When you use BEYOND SEEN SCREEN d.o.o. (hereinafter also ‘’Beyond Seen Screen’’ ‘’us’’, ‘’we’’ and ‘’our’’) websites located at https://www.beyondseenscreen.com/, https://www.exrey.tv/ and https://app.exrey.tv (‘’Sites’’), you (hereinafter ‘’you’’, ‘’individual’’ and ‘’data subject’’) trust us with your information. We take your privacy very seriously and we are committed to providing you with a positive experience on our Sites, with our Services and in your other interactions with us.

This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. This is important; we hope you will take time to read it carefully.

The Privacy Policy explains our practices for handling personal data on- and off-line. If you provide us with personal data, we will treat it as outlined in this Privacy Policy. This Privacy Policy also explains responsibility for external links to third party websites, user content, the use of communication services, indemnity, intellectual property and other information available on our Sites.

For you to use our Services, you have to agree to our Privacy Policy. If you don’t agree with our Privacy Policy, we kindly ask you not to use our Services.


The data protection declaration of BEYOND SEEN SCREEN is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to begin by explaining the terminology used.

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Marije Radić 14


The lawful bases for processing personal data are set out in Article 6 of the GDPR. Whenever we process your personal data the lawful basis is consent, meaning that you give clear consent to process your personal data for one or more specific reasons.


We collect your information through our Sites in several ways.

Traffic information is erased or made anonymous when it’s no longer needed for the purpose of transmission or, in the case of payable services, up to the end of the period during which the bill may lawfully be challenged or payment pursued.

Beside traffic information mentioned above, we may collect two types of information: “personal data” and “aggregate information”.

Aggregate information is information about your activities using our Services that cannot be used to identify, locate or contact you (for instance frequency of using data entered when using our Services, most frequently accessed pages, browser type, etc.). Aggregate information is used in a collective manner and no single person can be identified by that compiled information. We use it to provide our Services and remuneration and to monitor, audit and analyse information pertaining to our business metrics.

In general, we use aggregate information to help improve our Services and customize your experience. We also use aggregate information in order to track trends and analyse use patterns on our Sites. This Privacy Policy does not limit in any way our use or disclosure of aggregate information and we reserve the right to use and disclose such aggregate to our partners, advertisers and other third parties at our discretion.

We may combine automatically collected and other aggregate information with personal data. In that case we will treat the combined information as personal data under this Privacy Policy and it will be used for marketing purposes.

We may ask for and collect the following personal data:

  • e-mail address
  • name and surname
  • pictures captured when individual records videos when using our Services


We process personal data only for the purposes for which it was collected and in accordance with this Privacy Policy. We take reasonable steps to ensure that the personal data we process is accurate, complete and current, but we depend on you to update or correct your personal data when necessary.

On the basis of explicit individual’s voluntary consent, we process personal data for the purpose of marketing.

You have the option to opt out of this kind of processing in accordance with this Privacy Policy.


We do not process personal data for automated decision making and profiling.


We are not in the business of selling your personal data.

We do share personal data with third parties only as set forth in this Privacy Policy.

  1. We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your information to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your information may protect the rights, property, or safety of BEYOND SEEN SCREEN or another person. We will disclose information that that law enforcement agencies require in particular case to be disclosed;
  2. We may disclose your information to comply with a law, regulation or compulsory legal request, to protect the safety of any person from death or serious bodily injury, prevent fraud or misuse of Service or its users or to protect our property rights. We will disclose information to government entities or third parties based on judgments of courts or tribunals or decisions of administrative authorities or another binding act. We will disclose information that previously mentioned entities require in particular to be disclosed.


For the purpose of hosting our Services we use USA servers for which we have a data processing contract in accordance with GDPR requirements. In conformity with the service, personal data is transferred and stored in the US. Service providers are fulfilling the conditions of personal data protection within the framework of EU-US (Privacy Shield), which is recognized as an appropriate level of personal data protection.

We do not transmit your personal data to other third countries. In case your personal data will be transmitted to other third countries we will notify you.


We are committed to protecting the online privacy of children and making the internet safe. When using our application, you can sign in with an E-mail or Google account. You can create your Google account if you are older than 13 years old. We don’t provide Services or knowingly collect or solicit personal data from children under 13 years of age. Any communication we get that is identified as being from a child under 13 will not be kept by us. Holder of parental responsibility of children between 13 and 16 years has to provide consent on behalf of children. We will make reasonable efforts using available technology to verify that consent provided on behalf of children between 13 and 16 years old has been provided by the holder of parental responsibility for that child. We encourage parents or guardians of children under 16 to regularly check and monitor their children’s use of email and other activities online.


We appreciate your trust in sharing your personal data with us and are committed to protecting it. We take appropriate security measures to protect against unauthorized access or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures as well as physical security measures. We restrict access to personal data to our employees, service providers and agents who need to know that information in order to operate, develop or improve our Services. We use secure socket layer (SSL) technology to encrypt and protect your personal data.


We store your information for as long as it, in our discretion, remains relevant to its purpose. We may store information longer, but only in a way that it cannot be tracked back to you. We store personal data in accordance with applicable law.

Traffic information is erased or made anonymous when it is no longer needed for the purpose of the transmission. Cookies, direct marketing and provision of value-added services information (including traffic information used for these purposes) is stored as long as the same is necessary for the provision of these activities, or up to the time when a user opts out from such use in accordance with this Privacy Policy.

When information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use.


You can update or remove your personal data or opt- out at any time.

  • Updates: If you still wish to use our Services and your relevant personal data (name, e-mail etc.) changes, please let us know at data@beyondseenscreen.com
  • Information removal: If you wish to completely remove your data from our collections please send us a deletion request at data@beyondseenscreen.com
  • Opt-out: If you don’t like to receive our newsletter or other marketing material e-mails, you can unsubscribe any time with the “unsubscribe” link within any marketing e-mail you receive from us. We’ll be sad to see you go, but we respect your privacy.

Any request that you send to beyondseenscreen.com may take up to 10 days to process and become effective.

After receiving your withdrawal of consent, we will stop processing your personal data (e-mail address) and will delete it. We will let you know that your withdrawal was taken into account.


In relation to your personal data that we process, you have the following rights:

  • To obtain confirmation whether we process your personal data;
  • To access personal data referring to you;
  • To rectification;
  • To erasure (Right to be forgotten);
  • Of restriction of processing;
  • To data portability;
  • To object;
  • To state that the decision based solely on the automated processing of your personal data, including the creation of profiles, that has legal effects relating to you or significantly affects you in a similar way, does not apply to you;
  • To withdraw data protection consent.

For all above-stated rights, you may, at any time, contact us at:

  • Email rights@beyondseenscreen.com
  • By regular post to the address Beyond Seen Screen d.o.o., Marije Radić 14, 10000 Zagreb, Croatia
  • In person at registered office of the controller at Zagrebački Inovacijski Centar d.o.o. (ured Beyond Seen Screen d.o.o.), Avenija Dubrovnik 15, 10000 Zagreb, Croatia

In addition, you are free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use your right to object by automated means using technical specifications. We shall promptly ensure that the request is complied with immediately, but no later than in one (1) month. You will receive requested personal data in a structured, machine-readable and generally applicable way. First copy of your personal data in electronic or hard is free of charge, but you will be charged for each additional copy with a fee to cover the cost of preparing the copy.

Right of confirmation and access

You have the right to obtain from us the confirmation as to whether or not personal data concerning you is being processed. If it is, you have the right to obtain from us free information about your personal data stored at any time and a copy of this information.

Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (Right to be forgotten)

You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • When you withdraw consent and where there is no other legal ground for the processing;
  • You lodge an objection to the processing and there are no legitimate grounds for processing;
  • The personal data have been unlawfully processed;
  • The personal data is collected from children as part of information society services.

Insofar as we, the controller, made personal data public and we are required to delete them, we will take into account all available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.

Right of restriction of processing

Each data subject shall have to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and you demand instead the restriction of their use instead;
  • We no longer need the personal data for the purposes of the processing, but you require them to assert, exercise or to defend legal claims;
  • You have objected to processing and it has not yet been determined whether the legitimate grounds of the controller override yours.

Right to data portability

You have the right to receive the personal data concerning you, which was provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit that data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent or contract and the processing is carried out by automated means.

Furthermore, in exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, if the task is carried out in public interest, if the processing is for the exercise of official authority vested in us or for our legitimate interest (or those of a third party). This also applies to profiling based on these provisions.

BEYOND SEEN SCREEN shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If BEYOND SEEN SCREEN processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to BEYOND SEEN SCREEN to the processing for direct marketing purposes, BEYOND SEEN SCREEN will no longer process the personal data for these purposes.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affecting you, as long as the decision is not necessary for entering into, or the performance of, a contract between you and us, or is not authorized by Union law to which we are subject to and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent.

If the decision is necessary for entering into, or the performance of, a contract between you and BEYOND SEEN SCREEN, or it is based on your explicit consent, BEYOND SEEN SCREEN shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and contest the decision.

Right to withdraw data protection consent

You have the right to withdraw your consent for the  processing of your personal data at any time.

Right to appeal

Independent of the above stated rights and independent of other remedies, you, as data subject, have the right to appeal to a supervisory authority if you believe that the processing of your personal data violates the data protection regulations.

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Croatian Personal Data Protection Agency, Selska cesta 136. 10000 Zagreb, Croatia.


While we strive to protect your personal data, we cannot guarantee its absolute security. Despite our efforts, there remains the possibility that information may be accessed, altered, disclosed, or destroyed due to a security breach. In the unlikely event of a breach of security, and we have a way and (if required) your permission to do so, we will notify you by email if your personal data was involved in any way. We are not responsible for the functionality, privacy, or security measures of any other organization.


Cookies are small text files placed on your hard drive. We use cookies or similar technologies (pixels etc.) to personalize your online experience and improve our Services to you. This saves you time, since you are not required to re-enter the same information each time you visit our Sites.

Here is a list of cookies that we use. We have listed them here so you can decide whether you would like to opt-out or not.






Google Analytics

2 years

Used to distinguish users. More information can be found here.


Google Analytics

24 hours

Used to distinguish users. More information can be found here.


Google Analytics

1 minute

Used to throttle request rate. More information can be found here.


Google Analytics

6 months from set/update

Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. More information can be found here.


Google Analytics

End of browser session

Used to determine whether the user is in a new session/visit. More information can be found here.


Google Analytics

2 years from set/update

Used to distinguish users and sessions. The cookie is updated every time data is sent to Google Analytics. More information can be found here.


Essential cookie

30 days

Cookie helps Cloudflare detect malicious visitors to our Customers’ websites and minimizes blocking legitimate users. It may be placed on the devices of our customers’ End Users to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare’s security features.


Google cookie


Set by Google. This group sets a unique ID to remember your preferences and other information such as website statistics and track conversion rates. Google’s policies can be viewed here.


We have integrated the component of Google Analytics on our Sites. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which an individual has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

Google Analytics can be disabled at the following link.


We may use Facebook Advertising, Facebook Pixel Re-Marketing and communications from time to time, which helps us deliver more relevant ads to you. Collected information is anonymous to us, meaning we cannot see the personal data of individuals. However, Facebook saves and processes the data and can connect it with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Privacy Policy

If you would like to withdraw your consent allowing Facebook and its partners to place ads on and outside of Facebook, click here. 


  • Essential Sites cookies: necessary to provide you with Services available through our Sites;
  • Performance and functionality cookies: used to enhance the performance and functionality of our Sites but are non-essential to their use;
  • Analytics and customisation cookies: used either in aggregate form to help us understand how our Sites are being used or how effective our marketing activities are, or to help us customise our Sites for you;
  • Advertising cookies: used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests;
  • Social networking cookies: used to enable you to share pages and content that you find interesting on our Sites through third party social networking and other websites. These cookies may also be used for advertising purposes too.


You can modify your browser settings to control whether your computer accepts or declines cookies. If you choose to decline cookies, you may not be able to use certain interactive features of our Sites, or even the Sites in general. Note that you can always go back and delete cookies from your browser; however, that means that any settings or preferences controlled by those cookies will also be deleted and you may need to recreate them.


We keep our Privacy Policy under regular review and we may change it from time to time. This Privacy Policy is valid from March 18th, 2020.