Privacy Policy

1. Data Controller

Sunside Movie Italy S.R.L.s.
Via Aniello Falcone, 133, 80127, Napoli, Italy
VAT Number: IT09414801218
Email: support@sunside.club
PEC: sunsidemovie@pec.it


2. Data We Collect

A. Directly Provided

| Category | Examples | Purpose |
|---|---|---|
| Account Data | Name, email, phone | User authentication |
| Professional Info | Experiences, certifications | Service matching |
| Physical Traits | Height, weight, sizes | Casting suitability |
| Payment Details | Billing address, VAT# | Transaction processing |
| Location Information | City, province, region | Service delivery, matching |

B. Automatically Collected

  • Device information (IP, browser type)
  • Usage patterns (pages visited, features used)
  • Approximate location data (based on municipality/comune selection, not precise GPS)
  • Cookies: We are not currently using cookies on our platform. However, we plan to implement cookies in the future to enhance user experience, analyze site traffic, and personalize content. At that time, we will provide a cookie consent banner to allow you to manage your preferences.

3. Legal Bases (GDPR Art. 6)

| Processing Activity | Legal Basis |
|---|---|
| Account creation | Contractual necessity |
| Payment processing | Legal obligation |
| Talent matching | Legitimate interest |
| Marketing communications | Explicit consent |

You have the right to withdraw your consent at any time for any processing based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.


4. Your Rights

You can:
✅ Request access to your data (Art. 15)
✅ Correct inaccuracies (Art. 16)
✅ Delete your account (Art. 17)
✅ Restrict processing (Art. 18)
✅ Request data portability (Art. 20)
✅ Object to processing (Art. 21)
✅ Withdraw consent at any time (where processing is based on consent)

To exercise rights:
Email support@sunside.club with subject "GDPR Request"
We respond within 30 days

Lodge a complaint:
If you believe we are not handling your data properly, you have the right to lodge a complaint with your local data protection authority. For Italy, this is the Garante per la protezione dei dati personali (https://www.garanteprivacy.it/).


5. Data Retention

| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until deletion request | Service continuity |
| Transaction records | 5 years | Italian tax law (Art. 22) |
| Cookies | 13 months | Privacy Garante guidance |

6. International Transfers

We use these GDPR-compliant services that may store data outside the EU:

  • Supabase (Database Hosting)

    • Data Stored: User profiles, application data
    • Location: United States
    • Compliance: EU-US Data Privacy Framework certified
    • Purpose: Core platform functionality
  • Stripe (Payment Processing)

    • Data Stored: Transaction records, billing details
    • Location: United States
    • Compliance: Standard Contractual Clauses (SCCs), PCI DSS compliant
    • Purpose: Secure payment processing
  • Firebase (Google)

    • Data Stored: Device identifiers (FCM tokens), app usage analytics
    • Location: United States
    • Compliance: EU-US Data Privacy Framework certified
    • Purpose: Push notifications, application analytics
  • Sentry

    • Data Stored: Crash reports, performance data, device information
    • Location: United States
    • Compliance: Standard Contractual Clauses (SCCs)
    • Purpose: Error monitoring, performance analysis
  • RevenueCat

    • Data Stored: User identifiers, subscription status, transaction identifiers
    • Location: United States
    • Compliance: Standard Contractual Clauses (SCCs)
    • Purpose: Subscription management

All transfers meet GDPR Article 46 requirements through either adequacy decisions or appropriate safeguards.

We regularly review our third-party service providers' data protection practices to ensure they meet our standards.


7. Security Measures

  • Encryption of sensitive data at rest (AES-256) and in transit (TLS)
  • Regular access audits
  • Two-factor authentication for staff
  • Secure deletion protocols
  • Periodic security assessments and penetration testing
  • Data minimization principles

8. Compliance Status

While we strive for full GDPR compliance, as a small startup:

  • We are in the process of appointing a Data Protection Officer (DPO)
  • We are continuously working to improve our data protection documentation and processes
  • We plan to conduct regular third-party security audits to ensure the effectiveness of our security measures

Our commitment:

  • Respond to all data requests within 30 days
  • Continuously improve security measures
  • Appoint a certified DPO

9. Changes to This Policy

We'll notify users of material changes via email when they are published. The updated policy will be effective immediately upon posting, unless stated otherwise.


10. Data Breach Notification

In the event of a data breach, we will notify the appropriate data protection authority within 72 hours of discovery, as required by GDPR. Affected users will also be notified without undue delay if the breach is likely to result in a high risk to their rights and freedoms.


11. Specific Rules for Children

Our services are intended for users who are 18 years of age or older. We do not knowingly collect personal data from children under 16. If you are under 16, you may only use our services with the involvement and approval of a parent or guardian.

For users between 16 and 18 years of age, parental consent may be required depending on the specific EU member state where you reside. As we develop features for the management of minors, we will implement appropriate verification methods to ensure parental consent is obtained where required.

If we learn that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information as quickly as possible.


12. Contact

For data requests: support@sunside.club
For legal communications: sunsidemovie@pec.it

13. Platform-Specific Privacy Considerations

Google Play Services

When you download and use our app through Google Play:

  • Google may collect certain information as described in their Privacy Policy
  • Payment information for subscriptions is processed by Google, not directly by us
  • App usage data may be shared with Google to improve app performance and analytics
  • We do not have access to your complete Google Play payment information

For more information about how Google processes your data, please review the Google Privacy Policy.

Apple App Store

When you download and use our app through the Apple App Store:

  • Apple may collect certain information as described in their Privacy Policy
  • Payment information for subscriptions is processed by Apple, not directly by us
  • We use Apple's in-app purchase system for subscriptions, which is subject to Apple's terms and privacy policy
  • We do not have access to your complete Apple payment information

For more information about how Apple processes your data, please review the Apple Privacy Policy.

This English version is for convenience. The Italian version prevails.

Last Updated: May 22, 2025