Privacy Policy
1. Data Controller
Sunside Movie Italy S.R.L.s.
Via Aniello Falcone, 133, 80127, Napoli, Italy
VAT Number: IT09414801218
Email: support@sunside.club
PEC: sunsidemovie@pec.it
2. Data We Collect
A. Directly Provided
Category | Examples | Purpose |
---|---|---|
Account Data | Name, email, phone | User authentication |
Professional Info | Skills, certifications | Service matching |
Physical Traits | Height, weight, sizes | Casting suitability |
Payment Details | Billing address, VAT# | Transaction processing |
B. Automatically Collected
- Device information (IP, browser type)
- Usage patterns (pages visited, features used)
- Cookies: We are not currently using cookies on our platform. However, we plan to implement cookies in the future to enhance user experience, analyze site traffic, and personalize content. At that time, we will provide a cookie consent banner to allow you to manage your preferences.
3. Legal Bases (GDPR Art. 6)
Processing Activity | Legal Basis |
---|---|
Account creation | Contractual necessity |
Payment processing | Legal obligation |
Talent matching | Legitimate interest |
Marketing communications | Explicit consent |
4. Your Rights
You can:
✅ Request access to your data (Art. 15)
✅ Correct inaccuracies (Art. 16)
✅ Delete your account (Art. 17)
✅ Restrict processing (Art. 18)
✅ Request data portability (Art. 20)
✅ Object to processing (Art. 21)
To exercise rights:
Email support@sunside.club with subject "GDPR Request"
We respond within 30 days
5. Data Retention
Data Type | Retention Period | Reason |
---|---|---|
Account data | Until deletion request | Service continuity |
Transaction records | 5 years | Italian tax law (Art. 22) |
Cookies | 13 months | Privacy Garante guidance |
6. International Transfers
We use these GDPR-compliant services that may store data outside the EU:
- Supabase (Database Hosting)
  - Data Stored: User profiles, application data
  - Location: United States
  - Compliance: EU-US Data Privacy Framework certified
  - Purpose: Core platform functionality
- Stripe (Payment Processing)
  - Data Stored: Transaction records, billing details
  - Location: United States
  - Compliance: Standard Contractual Clauses (SCCs), PCI DSS compliant
  - Purpose: Secure payment processing
All transfers meet GDPR Article 46 requirements through either adequacy decisions or appropriate safeguards.
We regularly review our third-party service providers' data protection practices to ensure they meet our standards.
7. Security Measures
- Encryption of sensitive data
- Regular access audits
- Two-factor authentication for staff
- Secure deletion protocols
8. Compliance Status
While we strive for full GDPR compliance, as a small startup:
- We are in the process of appointing a Data Protection Officer (DPO)
- We are continuously working to improve our data protection documentation and processes
- We plan to conduct regular third-party security audits to ensure the effectiveness of our security measures
Our commitment:
- Respond to all data requests within 30 days
- Continuously improve security measures
- Appoint a certified DPO
9. Changes to This Policy
We'll notify users of material changes via email 30 days in advance.
10. Data Breach Notification
In the event of a data breach, we will notify the appropriate data protection authority within 72 hours of discovery, as required by GDPR. Affected users will also be notified without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
11. Contact
For data requests: support@sunside.club
This English version is for convenience. The Italian version prevails.