PRIVACY POLICY

Last updated: October 1, 2025

1. Introduction / General Information

1.1. This Privacy Policy ('Policy', 'Privacy Policy') defines the rules by which Nero Studio ('Studio', 'we', 'us') collects, processes, stores, and shares the personal data of users/clients ('you', 'User', 'Client') in the context of providing video, editing, production, digital avatar, AI solutions, and other related global services.
1.2. This Policy applies to all forms of interaction with Nero Studio: website, contact/briefing forms, client portal, cloud services, email communication, API, user data in applications, and user-submitted materials.
1.3. By using Nero Studio's services, you accept the terms of this Policy and agree that your data may be processed in accordance with it.

2. Data Controller and Contact

2.1. The controller of your data is Nero Studio, with its registered office at [company address], contact email: [contact@nero.studio].
2.2. For data protection matters (requests for access, deletion, objection, etc.), you can contact the data protection representative at: [dpo@nero.studio] (if designated).

3. Scope and Types of Data Collected

We may collect and process the following categories of data:
  • Identification and contact data: name, surname, email address, phone number, correspondence/billing address
  • Company data (if applicable): company name, identifiers (VAT ID, registration number, or equivalent)
  • Media data / submitted materials: video files, audio, graphics, scripts, file metadata
  • Technical data: IP address, device type, operating system, browser, server logs
  • Communication data: email correspondence, call records, notes, revisions
  • Payment / billing data (processed by external payment providers)
  • Analytical and cookie data: session identifiers, cookies, tracking technologies

4. Purposes and Legal Bases for Data Processing

Processing is carried out for the following purposes and on the following legal bases:
| Purpose of processing | Legal basis / justification |
|---|---|
| Performance of a contract / provision of services | necessity for the performance of a contract or pre-contractual action |
| Handling inquiries / communication with the client | necessity for communication and order fulfillment |
| Analysis and optimization of services / UX | legitimate interest (improvements, analysis) |
| Marketing / newsletters | user consent (where applicable) or legitimate interest (permitted marketing) |
| Billing, invoicing, legal obligations | necessity for compliance with accounting/tax regulations |
| Ensuring security, preventing abuse | legitimate interest in protecting against fraud |
| Data retention for archival / evidentiary purposes | legal obligation or legitimate interest |

5. Data Retention Period

Data related to orders and invoices will be stored for the period required by accounting and tax law in the jurisdiction in which you operate (usually 5–10 years).
Contact details, correspondence, and communication materials — for a period no longer than necessary for evidentiary purposes (usually 3–5 years) or until consent is withdrawn / the account is deleted.
Analytical data / cookies — in accordance with cookie settings and the cookie policy (usually up to a few months or years, depending on the function).

6. Data Recipients / External Processors

Your data may be transferred or shared with:
  • entities providing technical services: hosting, servers, cloud, backup, AI/ML providers, analytics
  • payment partners / payment processing systems
  • subcontractors performing specific services (e.g., post-production, translations), on the basis of data entrustment
  • public authorities, if required by law
  • in the event of a merger / acquisition: data may be transferred to the buyer, provided that it assumes data protection obligations
For each processor, we enter into data processing agreements (where required by law) and require technical and organizational security measures.

7. International Data Transfers

As we operate globally, data may be transferred outside your country or region (e.g., EU → USA, etc.). In such cases, we apply appropriate safeguards:
  • Standard Contractual Clauses (SCCs) or other legally approved mechanisms
  • Transfer Impact Assessment
  • Encryption in transit and at rest
  • Selection of cloud regions with high privacy standards

8. Rights of Data Subjects

Every data subject has the right to:
  • Access their data and obtain a copy
  • Rectify / correct inaccurate or incomplete data
  • Erasure (right to be forgotten), if there is no legal basis for further processing
  • Restrict processing
  • Data portability (if processing is based on consent or a contract)
  • Object to processing (e.g., for marketing, profiling)
  • Withdraw consent (if processing is based on consent)
  • Lodge a complaint with a supervisory authority (e.g., in the EU: a data protection authority)
To exercise these rights, please contact us at: [dpo@nero.studio].

9. Cookies and Tracking Technologies

Our website uses cookies: essential, analytical, marketing.
The user has the ability to manage cookie consent (accept / refuse / settings).
For users from the EU (or regions where required): cookie banner + opt-in / opt-out.
Third-party cookies (Google Analytics, analytical tools, ads) are described in detail in the cookie policy.

10. Automated Decisions, Profiling, and AI

As part of our services, we use AI solutions / automated models for media processing, version suggestions, etc.
The user has the right to request that a decision or generated material be reviewed by a human.
In the case of automated decisions, we provide an explanation of the basis (logic, criteria).

11. Security Measures

We apply technical and organizational measures appropriate to the risk, including:
  • TLS/SSL encryption in data transmission
  • Limited access to data on a need-to-know basis
  • Backups and recovery systems
  • Password policies, security audits, breach monitoring

12. Data Breaches / Incidents

In the event of a data breach, we respond in accordance with applicable law.
We will inform the affected data subjects and the competent supervisory authority (where required) within the appropriate deadlines (e.g., 72 hours under GDPR).

13. Changes to the Privacy Policy

We reserve the right to change the Policy at any time.
The new version comes into effect on the date of publication.
In case of significant changes, we will notify registered clients/users by email.

14. Final Provisions

If any part of this Policy is deemed invalid, the remaining provisions remain in force.
We may transfer the rights/obligations arising from this Policy (assignment) — after informing users.
Legal communication and notifications: mainly by email to the addresses provided by the user.
This Policy and the Terms of Service together constitute the entire agreement regarding private data.