GDPR Compliance

1. Controller Information

REELMATIC STUDIOS LTD is the data controller responsible for your personal information.

• Company Name: REELMATIC STUDIOS LTD
• Registration Number: [Your Company Number]
• Address: [Your Address]
• Email: dpo@reelmatic.com

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

2.1 Contractual Necessity

Processing is necessary to perform our contract with you:

• Account creation and management
• Video generation services
• Payment processing
• Customer support

2.2 Legitimate Interests

Processing is necessary for our legitimate interests:

• Fraud prevention and security
• Service improvement and analytics
• Direct marketing (with opt-out option)

2.3 Consent

We obtain your consent for:

• Non-essential cookies
• Marketing communications (newsletter)
• Special category data (if applicable)

2.4 Legal Obligation

Processing is necessary to comply with legal obligations:

• Tax and accounting records
• Anti-money laundering checks
• Law enforcement requests

3. Your Rights Under GDPR

As an EEA, UK, or Swiss resident, you have the following rights:

3.1 Right to Access

You have the right to request a copy of your personal data we hold. We will provide this information free of charge within one month of your request.

3.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal data. You can update most information through your account settings.

3.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed
• Deletion is required for compliance with legal obligations

Note: We may retain certain information as required by law or for legitimate business purposes.

3.4 Right to Restriction of Processing

You have the right to restrict processing of your personal data when:

• You contest the accuracy of the data (during verification)
• Processing is unlawful but you prefer restriction over erasure
• We no longer need the data but you require it for legal claims
• You have objected to processing (pending verification of our legitimate grounds)

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

This right applies when:

• Processing is based on consent or contract
• Processing is carried out by automated means

3.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

3.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

3.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred.

You can find your local supervisory authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

4. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including the United States.

We ensure adequate protection through:

4.1 Standard Contractual Clauses (SCCs)

We use SCCs approved by the European Commission for transfers to countries without an adequacy decision.

4.2 Adequacy Decisions

Where possible, we transfer data to countries deemed adequate by the European Commission.

4.3 Additional Safeguards

We implement additional technical and organizational measures, including:

• Encryption of data in transit and at rest
• Regular security audits
• Data minimization principles
• Contractual commitments from processors

5. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms.

6. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on you.

AI-generated content is created based on your explicit prompts and does not involve profiling of your personal characteristics.

7. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware
• Notify affected individuals without undue delay if there is a high risk
• Document all data breaches, including facts, effects, and remedial actions

8. Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly process personal data of children without parental consent where required by law.

9. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

9.1 Submit a Request

• Email: dpo@reelmatic.com
• Subject line: "GDPR Data Subject Request"
• Include: Your name, email, and specific request

9.2 Identity Verification

To protect your privacy, we may ask for identification before processing your request.

9.3 Response Time

We will respond to your request within one month. In complex cases, we may extend this by two months and will inform you of the delay.

9.4 No Fee

We do not charge a fee for processing requests unless they are manifestly unfounded, excessive, or repetitive.

10. Contact Our Data Protection Officer

For questions about GDPR compliance or data protection:

• Email: dpo@reelmatic.com
• Address: Data Protection Officer, REELMATIC STUDIOS LTD, [Your Address]