GDPR Compliance

Direct Studio is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains your rights as a data subject and how we comply with GDPR requirements.

The GDPR applies to all users located in the European Economic Area (EEA) and provides comprehensive data protection rights.

We process your personal data only when we have a lawful basis:

• •Contract: Processing necessary to fulfill our service agreement with you
• •Consent: You have given explicit consent for specific processing activities
• •Legitimate Interests: Processing necessary for our legitimate business interests
• •Legal Obligation: Processing required to comply with legal requirements
• •Vital Interests: Processing necessary to protect someone's life
• •Public Task: Processing necessary for tasks in the public interest

As a data subject, you have the following rights:

1. Right to Access (Article 15)

• •Request a copy of your personal data we hold
• •Receive information about how we process your data
• •Obtain details about data sharing and retention

2. Right to Rectification (Article 16)

• •Request correction of inaccurate personal data
• •Complete any incomplete personal data
• •Update outdated information

3. Right to Erasure - "Right to be Forgotten" (Article 17)

• •Request deletion of your personal data
• •Remove data when it's no longer necessary
• •Delete data if consent is withdrawn

4. Right to Restrict Processing (Article 18)

• •Limit how we use your personal data
• •Suspend processing while accuracy is verified
• •Restrict use instead of deletion

5. Right to Data Portability (Article 20)

• •Receive your data in a structured, machine-readable format
• •Transfer your data to another service provider
• •Export your recordings and account data

6. Right to Object (Article 21)

• •Object to processing based on legitimate interests
• •Opt-out of direct marketing
• •Object to automated decision-making

We implement comprehensive measures to protect your data:

• •Encryption: All data is encrypted in transit and at rest
• •Access Controls: Strict authentication and authorization systems
• •Data Minimization: We only collect necessary data
• •Privacy by Design: Privacy considerations in all new features
• •Regular Audits: Security and compliance assessments
• •Staff Training: All employees receive GDPR training

When we transfer data outside the EEA, we ensure adequate protection:

• •Standard Contractual Clauses (SCCs) with service providers
• •Adequacy decisions by the European Commission
• •Appropriate safeguards as required by GDPR
• •Your explicit consent when required

We retain your personal data only as long as necessary:

• •Active account data: Retained while account is active
• •Recordings: 30 days after deletion from your account
• •Billing records: 7 years for tax compliance
• •Support tickets: 2 years after resolution
• •Marketing data: Until consent is withdrawn
• •Analytics data: Anonymized after 26 months

In the unlikely event of a data breach:

• •We will notify supervisory authorities within 72 hours
• •Affected users will be informed without undue delay
• •We will provide details about the breach and its impact
• •Remediation steps will be communicated clearly
• •We maintain breach logs as required by GDPR

We do not knowingly collect data from children under 16 without parental consent. If you believe we have collected such data, please contact us immediately for removal.

Direct Studio does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automation we use is limited to:

• •Spam and fraud detection for security
• •Service recommendations based on usage patterns
• •Technical optimizations for performance

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your rights under GDPR. Contact details for EEA supervisory authorities can be found on the European Data Protection Board website.