⚖️Legal Document · EU Compliant

Privacy Policy

We are committed to protecting your personal data. This policy explains what data we collect, why, how we use it, and your rights under EU law.

📅Last Updated: 4 March 2026✅Effective: 4 March 2026🇪🇺GDPR Compliant🔒ePrivacy Directive

1. Introduction

Mindcreativa.Studio ("we", "us", "our") is a creative AI video and digital growth studio operating within the European Union. We take the privacy of every person who visits our website, enquires about our services, or becomes a client very seriously.

This Privacy Policy sets out how we collect, use, store, share, and protect personal data in accordance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and any applicable national data protection legislation.

Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood this policy. If you do not agree, please refrain from using our website and services.

2. Data Controller

🏢Data Controller Details

Mindcreativa.Studio
Operated by: Rio Vasil
Email: riovasil7@gmail.com
Jurisdiction: European Union
For data protection enquiries, contact us at the email address above and include "Data Protection" in the subject line.

As data controller, we determine the purposes and means of processing your personal data. We are responsible for ensuring your data is handled lawfully, fairly, and transparently.

3. Personal Data We Collect

3.1 Data You Provide Directly

Contact information: full name, email address, telephone number, company name
Enquiry and project details you submit via our contact form
Service preferences, budget range, and project brief information
Any correspondence, messages, or communications you send to us
Payment and billing information (processed through third-party payment processors; we do not store full card details)

3.2 Data Collected Automatically

IP address and approximate geographic location (country/region level)
Browser type, version, and operating system
Pages visited, time spent, and navigation paths on our website
Referring URL (how you found our website)
Device identifiers and screen resolution
Cookie data (see our Cookie Policy for full details)

3.3 Data We Receive from Third Parties

Analytics data from web analytics providers (e.g., Google Analytics)
Advertising interaction data from social media platforms when you interact with our ads
Data you make publicly available on professional platforms when enquiring about our services

4. Legal Bases for Processing

We only process your personal data where we have a lawful basis under Article 6 of the GDPR. The legal bases we rely on are:

Performance of a contract (Art. 6(1)(b)): processing necessary to deliver the services you have engaged us for, manage your project, issue invoices, and fulfil our contractual obligations.
Consent (Art. 6(1)(a)): where you have given clear, freely given, specific, and informed consent — for example, for marketing communications or non-essential cookies. You may withdraw consent at any time.
Legitimate interests (Art. 6(1)(f)): to operate, secure, and improve our website; to prevent fraud and misuse; to maintain internal records; and to respond to your enquiries. We have conducted legitimate interest assessments and determined these interests are not overridden by your rights.
Legal obligation (Art. 6(1)(c)): where processing is necessary to comply with EU or national law — for example, retaining financial records for tax and accounting purposes.

5. Purposes of Processing

To respond to your enquiries and provide requested information
To deliver and manage agreed video production and digital marketing services
To send project updates, deliverables, and client communications
To process payments and manage billing
To send marketing communications where you have opted in
To improve and personalise our website experience
To analyse website traffic and usage (in anonymised or aggregated form where possible)
To prevent fraud, misuse, and ensure website security
To comply with legal and regulatory obligations
To exercise or defend legal claims

6. Data Sharing and Recipients

We do not sell, rent, or trade your personal data. We may share your data with carefully selected third parties only where necessary:

6.1 Service Providers and Processors

Website hosting and infrastructure providers
Email and communication service providers
Payment processing providers (e.g., Stripe, PayPal — subject to their own privacy policies)
Web analytics providers (e.g., Google Analytics)
Project management and collaboration tools
AI technology providers used in delivering our services

6.2 Legal and Regulatory Disclosures

We may disclose your data to competent authorities, courts, or regulators if required by law, court order, or to protect the rights, property, or safety of Mindcreativa.Studio, our clients, or others.

7. International Data Transfers

Some of our third-party service providers may be located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure adequate safeguards are in place in accordance with Chapter V of the GDPR, including:

Adequacy decisions issued by the European Commission
Standard Contractual Clauses (SCCs) approved by the European Commission
Other appropriate safeguards as permitted under the GDPR

You may request information about the specific safeguards applied to any international transfer of your data by contacting us.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention principles:

Enquiry and pre-contract data: up to 2 years from the date of enquiry (unless a contract is formed)
Client and project data: for the duration of the contract plus 7 years for legal and accounting purposes
Financial records: 7 years as required by EU and national tax legislation
Marketing consent records: until consent is withdrawn, plus 3 years thereafter
Website analytics data: up to 26 months in anonymised/aggregated form
Security logs: up to 90 days

When data is no longer required, we securely delete or anonymise it.

9. Your Rights Under the GDPR

As a data subject in the European Union, you have the following rights under the GDPR:

Right	What It Means
Right of Access (Art. 15)	Request a copy of all personal data we hold about you.
Right to Rectification (Art. 16)	Correct inaccurate or incomplete personal data.
Right to Erasure (Art. 17)	Request deletion of your data ('right to be forgotten'), where applicable.
Right to Restriction (Art. 18)	Restrict processing of your data in certain circumstances.
Right to Data Portability (Art. 20)	Receive your data in a structured, machine-readable format.
Right to Object (Art. 21)	Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent (Art. 7(3))	Withdraw consent at any time without affecting prior processing.
Right to Lodge a Complaint (Art. 77)	File a complaint with your national data protection supervisory authority.

📬How to Exercise Your Rights

To exercise any of the above rights, please send a written request to riovasil7@gmail.com with the subject line "GDPR Data Request". We will respond within 30 days (extendable by a further two months for complex requests, with notice). We may ask you to verify your identity before processing your request. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.

10. Right to Lodge a Complaint

If you believe your personal data has been processed in violation of the GDPR, you have the right to lodge a complaint with the competent national supervisory authority in your EU member state of habitual residence, place of work, or the place of the alleged infringement.

A full list of EU national data protection supervisory authorities is available on the European Data Protection Board website: edpb.europa.eu

11. Cookies

Our website uses cookies and similar technologies. For full details of the cookies we use, their purposes, and how to manage your preferences, please read our Cookie Policy.

12. Automated Decision-Making and Profiling

We do not use your personal data for fully automated individual decision-making (including profiling) that produces legal or similarly significant effects, as defined in Article 22 of the GDPR.

13. Children's Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately and we will delete such data without undue delay.

14. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (Article 32 GDPR). These measures include encrypted connections (HTTPS/TLS), access controls, and regular security assessments.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post any updated version on this page with a revised "Last Updated" date. For significant changes, we will notify you by email (where we have your contact details) or through a prominent notice on our website. We encourage you to review this policy periodically.

16. Contact Us

✉️Data Protection Contact

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

Mindcreativa.Studio — Data Protection
Email: riovasil7@gmail.com
Subject line: "Privacy / Data Protection"

We aim to acknowledge all data protection queries within 72 hours.

← Back to Mindcreativa.Studio