GDPR Policy (Personalized Video Service)

Effective Date: 01/09/2025

At Kuik, we are committed to protecting the privacy and personal data of individuals whose information is processed through our personalized video generation services. This policy explains how we comply with the EU General Data Protection Regulation (GDPR).

1. Roles Under GDPR

Kuik as Data Processor: When we generate personalized videos on behalf of our clients, Kuik acts as a processor. The client (e.g. a company using Kuik to send videos to its customers or leads) is the controller and determines the purposes and means of processing. Kuik as Data Controller: For certain activities (e.g. Kuik’s own marketing, account management, analytics, or website use), Kuik acts as a controller.

2. Categories of Personal Data Processed

Depending on the client’s use case, the following types of personal data may be processed: identifiers (name, email, phone, customer ID), transactional data (purchase history, service usage, order dates), engagement data (website activity, campaign interactions, lead source), media-related data (personalized text, images, or voice for videos), and technical data (IP, device/browser). Special categories are not processed unless explicitly instructed by the client and safeguarded with additional controls.

3. Purpose and Legal Basis

For Clients (as Controllers): Clients determine purpose and legal basis (usually consent or legitimate interest in B2B outreach). Kuik only processes data under client instructions. For Kuik (as Controller): bases include contract performance (providing services), legitimate interest (improvement, fraud prevention, security), and consent (our own marketing).

4. Data Retention

Personal data for video generation is retained only as long as necessary to deliver the service or as instructed by the client. Unless otherwise agreed, Kuik deletes or anonymizes data within 30 days after delivery. Logs and backups are retained only as necessary for security, audit, or legal compliance.

5. Data Sharing & Sub-processors

Kuik may use trusted third-party providers (cloud hosting, AI voice/translation). All sub-processors are bound by GDPR-compliant DPAs. A current list is available upon request. International transfers rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.

6. Data Subject Rights

Individuals whose personal data is processed via Kuik have GDPR rights: access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and not to be subject to automated decisions with significant legal effects. Since Kuik processes data for clients, requests will typically be redirected to the client (controller).

7. Security Measures

Kuik applies industry-standard measures: encryption in transit and at rest, access controls and authentication, regular audits and monitoring, staff training, and incident response procedures.

8. Contact & Complaints

Questions or GDPR rights requests: Email privacy@kuik.io, Address: C. de Moreno Nieto, 2, Arganzuela, 28005 Madrid. You also have the right to lodge a complaint with your local data protection authority.