GDPR Compliance
How SeamCut protects EU residents' data rights and ensures compliance with European privacy regulations.
Last Updated: March 15, 2024
GDPR Compliance Since: May 25, 2018
πͺπΊ European Union Data Protection
SeamCut is committed to protecting the privacy rights of EU residents under the General Data Protection Regulation (GDPR).
Table of Contents
1. GDPR Overview
The General Data Protection Regulation (GDPR) is European legislation that protects the privacy and personal data of EU residents. It gives individuals enhanced control over how their personal data is collected, processed, and used.
As a global AI video editing platform, SeamCut processes personal data from EU residents and is committed to full GDPR compliance. This page explains how we protect your rights and handle your data according to European standards.
2. Legal Basis for Processing
Under GDPR, we must have a legal basis to process your personal data. Our legal bases include:
Contractual Necessity
- Account creation and management
- Video processing and AI editing services
- Subscription and payment processing
- Customer support delivery
Legitimate Interests
- Platform security and fraud prevention
- Service improvement and optimization
- Business analytics and performance monitoring
- Direct marketing to existing customers (with opt-out)
Consent
- Non-essential cookies and tracking
- Marketing communications
- Third-party integrations
- AI model training (when explicitly requested)
Legal Obligation
- Tax and financial record keeping
- Compliance with court orders
- Anti-money laundering requirements
3. Your GDPR Rights
As an EU resident, you have the following rights regarding your personal data:
π Right of Access
Request a copy of all personal data we hold about you, including processing purposes and data recipients.
βοΈ Right to Rectification
Correct inaccurate or incomplete personal data in your account or profile information.
ποΈ Right to Erasure
Request deletion of your personal data when it's no longer necessary for our services (right to be forgotten).
βΈοΈ Right to Restrict Processing
Limit how we process your data in certain circumstances, such as when accuracy is contested.
π¦ Right to Data Portability
Receive your personal data in a structured, machine-readable format to transfer to another service.
β Right to Object
Object to processing based on legitimate interests, including direct marketing and profiling.
π€ Rights Related to Automated Decision-Making
Not be subject to decisions based solely on automated processing, including AI profiling, that significantly affects you.
π Right to Withdraw Consent
Withdraw consent at any time for processing activities that rely on your consent as the legal basis.
4. Data Controller Information
Data Controller
SeamCut, Inc. acts as the data controller for personal data collected through our platform. We determine the purposes and means of processing your personal data.
EU Representative
As required by GDPR Article 27, we have appointed an EU representative to handle data protection matters for EU residents:
Company: EU Privacy Services Ltd.
Address: 123 Data Protection Avenue, Dublin 2, Ireland
5. International Data Transfers
SeamCut processes data globally to provide our AI video editing services. When transferring EU personal data outside the European Economic Area, we ensure adequate protection through:
Adequacy Decisions
- Countries approved by the European Commission as providing adequate protection
- Regular monitoring of adequacy decision status
Standard Contractual Clauses (SCCs)
- European Commission-approved contract templates
- Binding agreements with all data processing partners
- Regular compliance audits and assessments
Additional Safeguards
- Technical measures: Encryption and access controls
- Organizational measures: Staff training and data handling procedures
- Regular security assessments and penetration testing
6. Data Retention Under GDPR
Retention Principles
We only retain personal data for as long as necessary to fulfill the purposes for which it was collected:
- Account Data: Duration of account plus 12 months for legitimate interests
- Video Content: As long as needed for service provision, deleted within 30 days of deletion request
- Payment Data: 7 years for legal compliance (tax and financial regulations)
- Marketing Data: Until consent is withdrawn or 3 years of inactivity
- Support Data: 3 years from last interaction for quality assurance
Automated Deletion
We have implemented automated systems to delete personal data when retention periods expire, ensuring compliance with data minimization principles.
7. AI Processing and Profiling
Automated Decision-Making
Our AI algorithms process your videos to provide editing suggestions and automated features. This processing is necessary for service delivery and does not constitute automated decision-making that significantly affects you.
AI Training
We do not use your personal video content to train our AI models without explicit consent. When we do process data for AI improvement, it is:
- Based on explicit consent or legitimate interests
- Anonymized and aggregated whenever possible
- Subject to your right to object or withdraw consent
- Governed by strict data access controls
AI Transparency
You have the right to know when AI algorithms are being used to process your data and to request human review of AI-generated decisions that significantly impact you.
Make a GDPR Request
Exercise your GDPR rights by submitting a request below. We will respond within 30 days.
Contact Our Data Protection Officer
Our Data Protection Officer is available to answer GDPR questions and handle privacy concerns.
Data Protection Officer
Email: dpo@seamcut.com
Response Time: Within 48 hours
Languages: English, German, French
EU Representative
Email: eu-representative@seamcut.com
Address: Dublin 2, Ireland
Phone: +353 1 234 5678
Supervisory Authority
If unsatisfied with our response, you can lodge a complaint with your local data protection authority or the Irish Data Protection Commission.
8. Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected individuals without undue delay if high risk to rights
- Provide clear information about the breach and protective measures
- Offer assistance and support for affected users
9. Children's Data Protection
Under GDPR, we take special care with data from users under 16 years old:
- Parental consent required for users under 16
- Simplified privacy information for young users
- Enhanced data protection measures
- Regular review of child data processing activities
Parental Rights
Parents and guardians have the right to request access, correction, or deletion of their child's data. Contact our DPO for assistance with child data protection matters.
10. Our GDPR Compliance Measures
Technical Measures
- Data encryption in transit and at rest
- Access controls and authentication systems
- Automated data retention and deletion systems
- Privacy by design in product development
Organizational Measures
- Regular staff privacy training
- Data Protection Impact Assessments (DPIAs)
- Privacy policies and procedure documentation
- Third-party vendor compliance monitoring
Governance
- Dedicated Data Protection Officer
- Regular compliance audits and reviews
- Incident response procedures
- Continuous monitoring of regulatory changes