Privacy Policy
1. Data Controller
Sunside Movie Italy S.R.L.s.
Via Aniello Falcone, 133, 80127, Napoli, Italy
VAT Number: IT09414801218
Email: support@sunside.club
PEC: sunsidemovie@pec.it
2. Data We Collect
A. Directly Provided
| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, phone | User authentication |
| Professional Info | Experiences, certifications | Service matching |
| Physical Traits | Height, weight, sizes | Casting suitability |
| Payment Details | Billing address, VAT# | Transaction processing |
B. Automatically Collected
- Device information (IP, browser type)
- Usage patterns (pages visited, features used)
- Cookies: We are not currently using cookies on our platform. However, we plan to implement cookies in the future to enhance user experience, analyze site traffic, and personalize content. At that time, we will provide a cookie consent banner to allow you to manage your preferences.
3. Legal Bases (GDPR Art. 6)
| Processing Activity | Legal Basis |
|---|---|
| Account creation | Contractual necessity |
| Payment processing | Legal obligation |
| Talent matching | Legitimate interest |
| Marketing communications | Explicit consent |
You have the right to withdraw your consent at any time for any processing based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4. Your Rights
You can:
✅ Request access to your data (Art. 15)
✅ Correct inaccuracies (Art. 16)
✅ Delete your account (Art. 17)
✅ Restrict processing (Art. 18)
✅ Data portability (Art. 20)
✅ Object to processing (Art. 21)
✅ Withdraw consent at any time (where processing is based on consent)
To exercise rights:
Email support@sunside.club with subject "GDPR Request"
We respond within 30 days
Lodge a complaint:
If you believe we are not handling your data properly, you have the right to lodge a complaint with your local data protection authority. For Italy, this is the Garante per la protezione dei dati personali (https://www.garanteprivacy.it/).
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until deletion request | Service continuity |
| Transaction records | 5 years | Italian tax law (Art. 22) |
| Cookies | 13 months | Privacy Garante guidance |
6. International Transfers
We use these GDPR-compliant services that may store data outside the EU:
-
Supabase (Database Hosting)
- Data Stored: User profiles, application data
- Location: United States
- Compliance: EU-US Data Privacy Framework certified
- Purpose: Core platform functionality
-
Stripe (Payment Processing)
- Data Stored: Transaction records, billing details
- Location: United States
- Compliance: Standard Contractual Clauses (SCCs), PCI DSS compliant
- Purpose: Secure payment processing
All transfers meet GDPR Article 46 requirements through either adequacy decisions or appropriate safeguards.
We regularly review our third-party service providers' data protection practices to ensure they meet our standards.
7. Security Measures
- Encryption of sensitive data
- Regular access audits
- Two-factor authentication for staff
- Secure deletion protocols
8. Compliance Status
While we strive for full GDPR compliance, as a small startup:
- We are in the process of appointing a Data Protection Officer (DPO)
- We are continuously working to improve our data protection documentation and processes
- We plan to conduct regular third-party security audits to ensure the effectiveness of our security measures
Our commitment:
- Respond to all data requests within 30 days
- Continuously improve security measures
- Appoint a certified DPO
9. Changes to This Policy
We'll notify users of material changes via email 30 days in advance.
10. Data Breach Notification
In the event of a data breach, we will notify the appropriate data protection authority within 72 hours of discovery, as required by GDPR. Affected users will also be notified without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
11. Specific Rules for Children
Our services are intended for users who are 18 years of age or older. We do not knowingly collect personal data from children under 16. If you are under 16, you may only use our services with the involvement and approval of a parent or guardian.
For users between 16-18 years, parental consent may be required depending on the specific EU member state where you reside. As we develop features for minors management, we will implement appropriate verification methods to ensure parental consent is obtained where required.
If we learn that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information as quickly as possible.
12. Contact
For data requests: support@sunside.club
13. Platform-Specific Privacy Considerations
Google Play Services
When you download and use our app through Google Play:
- Google may collect certain information as described in their Privacy Policy
- Payment information for subscriptions is processed by Google, not directly by us
- App usage data may be shared with Google to improve app performance and analytics
- We do not have access to your complete Google Play payment information
For more information about how Google processes your data, please review the Google Privacy Policy.
Apple App Store (Coming Soon)
Similar privacy considerations will apply when our iOS app launches.
This English version is for convenience. The Italian version prevails.
Last Updated: April 23, 2025