GDPR Compliance & Data Protection

1. GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union (EU) and European Economic Area (EEA). VSRC is committed to full compliance with GDPR requirements for all our users, regardless of location.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

2.1 Contract Performance

Processing necessary to provide the Service you requested:

• Account creation and management
• Video hosting, encoding, and streaming services
• Billing and payment processing
• Customer support and communications

2.2 Legitimate Interests

Processing necessary for our legitimate business interests:

• Service improvement and optimization
• Security and fraud prevention
• Analytics and usage monitoring
• Internal business operations

2.3 Legal Obligations

Processing required to comply with legal requirements:

• Tax and accounting obligations
• Regulatory compliance
• Law enforcement requests

2.4 Consent

Processing based on your explicit consent:

• Marketing communications
• Optional data collection
• Cookies and tracking (where required)

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

3.1 Right of Access

You have the right to obtain confirmation about whether we process your personal data and, if so, to access that data along with information about the processing.

3.2 Right to Rectification

You can request correction of inaccurate personal data and completion of incomplete data.

3.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

• The data is no longer necessary for the purposes collected
• You withdraw consent and there's no other legal ground
• You object to processing and there are no overriding grounds
• The data was unlawfully processed
• Deletion is required for legal compliance

3.4 Right to Restriction of Processing

You can request restriction of processing when:

• You contest the accuracy of the data
• Processing is unlawful but you oppose erasure
• We no longer need the data but you need it for legal claims
• You objected to processing pending verification

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

3.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

3.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

3.8 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

4. Data Controller Information

VSRC acts as the data controller for personal data processed through our Service. As data controller, we determine the purposes and means of processing your personal data.

Contact Information:

• Company Name: VSRC
• Email: gdpr@vsrc.video
• Address: [Company Address]

5. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and GDPR compliance.

Contact DPO:

• Email: dpo@vsrc.video
• The DPO can be contacted regarding any data protection concerns or inquiries

6. Data Processing Activities

We maintain detailed records of our data processing activities, including:

• Categories of personal data processed
• Purposes of processing
• Categories of data subjects
• Categories of recipients of personal data
• International data transfers
• Retention periods
• Security measures implemented

7. International Data Transfers

When transferring personal data outside the EEA, we ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules (where applicable)
• Consent for specific transfers (where required)

8. Security Measures

We implement state-of-the-art technical and organizational measures:

8.1 Technical Measures

• Encryption of data at rest (AES-256) and in transit (TLS 1.3)
• Regular security testing and vulnerability assessments
• Intrusion detection and prevention systems
• Secure authentication mechanisms
• Regular security updates and patches

8.2 Organizational Measures

• Access control policies and procedures
• Employee data protection training
• Confidentiality agreements
• Data protection impact assessments
• Incident response procedures

9. Data Breach Notification

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours (where required)
• Inform affected individuals without undue delay (where required)
• Document the breach and our response
• Take measures to mitigate the breach effects

10. Complaints and Supervisory Authority

If you believe your data protection rights have been violated, you have the right to:

• Contact us directly at gdpr@vsrc.video
• Lodge a complaint with a supervisory authority in the EU/EEA

You can find your local supervisory authority contact information at: European Data Protection Board

11. Updates to GDPR Compliance

We continuously monitor and update our GDPR compliance measures. This page will be updated to reflect any changes in our data protection practices or GDPR requirements.