GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals in the European Union greater control over their personal data. At Holovine, we are committed to full GDPR compliance and protecting your privacy rights.

Consent

We process your data based on your explicit consent when you sign up for our service and accept our terms.

Contract Performance

We process data necessary to provide our AI video generation services as outlined in our agreement with you.

Legitimate Interests

We may process data based on our legitimate business interests, such as improving our services and preventing fraud.

Legal Obligations

We process data when required to comply with legal obligations, such as tax and accounting requirements.

Right to Access

You have the right to request a copy of all personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

You can request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner. We clearly communicate how we use your data.

Purpose Limitation

We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimization

We only collect data that is adequate, relevant, and limited to what is necessary for our purposes.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date.

Storage Limitation

We keep personal data only for as long as necessary for the purposes for which it was collected.

Integrity and Confidentiality

We implement appropriate security measures to protect personal data against unauthorized or unlawful processing and accidental loss.

What We Collect

We collect identification data, contact information, account credentials, payment details, usage data, and content you create using our platform.

How We Process

Data is processed to provide our services, improve our AI models, communicate with you, process payments, and comply with legal obligations.

Where We Process

Data is primarily processed in the United States with adequate safeguards in place for international transfers.

Transfer Mechanisms

When transferring data outside the EU, we use Standard Contractual Clauses (SCCs) approved by the European Commission.

Safeguards

We implement appropriate technical and organizational measures to protect data during international transfers.

Technical Measures

We employ encryption, access controls, secure authentication, regular security testing, and intrusion detection systems.

Organizational Measures

We maintain data protection policies, conduct staff training, implement access restrictions, and perform regular security audits.

Breach Notification

In the event of a data breach, we will notify affected individuals and supervisory authorities within 72 hours as required by GDPR.

Data Processors

We work with third-party processors for cloud hosting, payment processing, analytics, and customer support. All processors are GDPR-compliant and bound by data processing agreements.

Subprocessors

We maintain a list of subprocessors and notify you of any changes to this list.

Our service is not directed at children under 16. We do not knowingly collect personal data from children under 16 without parental consent. If we discover such data has been collected, we will delete it promptly.

Retention Periods

Account data is retained while your account is active. Payment data is retained for 7 years for tax purposes. Usage data is retained for 2 years. Marketing data is retained until you opt out.

Deletion

Upon account deletion or data erasure request, we delete personal data within 30 days, except where retention is required by law.

Submitting Requests

You can exercise your GDPR rights by contacting us at gdpr@holovine.com or through your account settings.

Verification

We may need to verify your identity before processing rights requests to protect your data security.

Response Time

We will respond to your requests within one month. In complex cases, we may extend this by two months and will notify you.

No Fee

Exercising your GDPR rights is free of charge, unless requests are manifestly unfounded or excessive.

Filing Complaints

If you believe we have not complied with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Our Data Protection Officer

You can contact our Data Protection Officer at dpo@holovine.com for any GDPR-related concerns.