1. GDPR Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process the personal data of individuals residing in the European Union (EU) and the European Economic Area (EEA), regardless of where the organization is located.
Guiza Media LLC takes GDPR compliance seriously. Although we are based in the United States, we recognize that our services may be used by individuals and businesses in the EU/EEA, and we have implemented measures to ensure compliance with GDPR requirements.
Key GDPR Principles We Follow
- Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes only.
- Data Minimization: We only collect personal data that is adequate, relevant, and limited to what is necessary.
- Accuracy: We ensure personal data is accurate and kept up to date.
- Storage Limitation: We keep personal data only as long as necessary for the purposes for which it was collected.
- Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security.
- Accountability: We are responsible for demonstrating compliance with all GDPR principles.
2. Your Data Subject Rights
Under GDPR, individuals have the following rights regarding their personal data:
2.1 Right to Be Informed (Articles 13 & 14)
You have the right to be informed about the collection and use of your personal data. We fulfill this obligation through our comprehensive Privacy Policy.
2.2 Right of Access (Article 15)
You have the right to access your personal data and obtain confirmation that your data is being processed. This includes the right to obtain: a copy of your personal data, information about the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients, the envisaged retention period, and information about your other rights.
2.3 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected or completed if it is incomplete. We will respond to rectification requests within 30 days.
2.4 Right to Erasure ("Right to be Forgotten") (Article 17)
You have the right to request the deletion of your personal data when: the data is no longer necessary for the purpose it was collected, you withdraw consent and no other legal basis for processing exists, you object to processing and there are no overriding legitimate grounds, the data has been unlawfully processed, or the data must be erased for compliance with a legal obligation.
2.5 Right to Restrict Processing (Article 18)
You have the right to request the restriction of processing of your personal data when: you contest the accuracy of the data (for a period enabling verification), the processing is unlawful but you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification of legitimate grounds.
2.6 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller when: the processing is based on consent or a contract, and the processing is carried out by automated means.
2.7 Right to Object (Article 21)
You have the right to object to processing of your personal data when: processing is based on legitimate interests or the performance of a task in the public interest, processing is for direct marketing purposes, or processing is for scientific/historical research or statistical purposes.
2.8 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you. Guiza Media LLC does not engage in automated decision-making of this nature.
3. How to Exercise Your Rights
To exercise any of your GDPR rights, please submit a request using one of the following methods:
By Email:
Send your request to info@guizamedia.com with the subject line "GDPR Rights Request".
By Postal Mail:
Guiza Media LLC
Attn: Data Protection Officer
1209 Mountain Road Pl NE Ste N
Albuquerque, NM 87110
USA
Required Information:
Please include your full name and contact information, the specific right you wish to exercise, a description of the data subject to your request, and proof of identity (if requesting access to or deletion of data).
Response Time
We will respond to your request within 30 days of receipt. If your request is complex or you have submitted numerous requests, we may extend this period by two months, but we will notify you of any extension within one month of receiving your request.
Verification
To protect your privacy and security, we will take steps to verify your identity before fulfilling your request. We may ask you to provide additional information to confirm your identity.
Fees
We do not charge a fee to process or respond to your request unless it is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to act on the request.
4. Data Controller Information
Under GDPR, Guiza Media LLC acts as a Data Controller for the personal data we collect directly from you. We may also act as a Data Processor when handling data on behalf of our clients.
Guiza Media LLC
1209 Mountain Road Pl NE Ste N
Albuquerque, NM 87110
United States
Email: info@guizamedia.com
Website: https://guizamedia.com
EU Representative
As a non-EU organization that processes the personal data of EU residents, we have appointed an EU representative to facilitate communication with supervisory authorities and data subjects. Contact the representative through our main office for EU data protection matters.
5. Data Protection Officer (DPO)
While GDPR requires certain organizations to appoint a Data Protection Officer, Guiza Media LLC has voluntarily designated a privacy officer to oversee data protection strategy and implementation to ensure compliance with GDPR and other privacy regulations.
Guiza Media LLC
Attn: Privacy Officer
1209 Mountain Road Pl NE Ste N
Albuquerque, NM 87110
United States
Email: info@guizamedia.com
The Privacy Officer is responsible for: monitoring compliance with GDPR and our data protection policies, providing advice regarding data protection impact assessments, cooperating with supervisory authorities, and serving as the point of contact for data subjects and authorities.
6. Legal Basis for Processing
Under Article 6 of GDPR, we must have a legal basis for processing personal data. The legal bases we rely on include:
| Legal Basis | GDPR Article | Purposes |
|---|---|---|
| Consent | Article 6(1)(a) | Marketing communications, analytics cookies, optional features |
| Contract Performance | Article 6(1)(b) | Providing our services, processing payments, customer support |
| Legal Obligation | Article 6(1)(c) | Tax compliance, legal claims, regulatory requirements |
| Legitimate Interests | Article 6(1)(f) | Service improvement, fraud prevention, network security |
Legitimate Interests Assessment
When we process data based on legitimate interests, we conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms. Our legitimate interests include: maintaining network and information security, preventing fraud and abuse of our services, improving our products and services, and marketing to existing customers about similar products.
7. International Data Transfers
Guiza Media LLC is based in the United States. When we transfer personal data from the EU/EEA to the United States, we ensure appropriate safeguards are in place:
7.1 Transfer Mechanisms
- Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses for transfers to our US-based service providers.
- Adequacy Decisions: We rely on adequacy decisions where available (e.g., EU-US Data Privacy Framework where applicable).
- Data Processing Agreements: All third-party processors are contractually bound to provide adequate data protection.
7.2 Service Provider Transfers
We work with service providers that may process data in the United States and other countries. These providers include: cloud hosting providers (Vercel, AWS), analytics providers (Google Analytics), email service providers (Resend), and payment processors (Stripe). All transfers are conducted in compliance with Chapter V of GDPR.
7.3 Your Rights Regarding Transfers
You may request a copy of the safeguards we use for international transfers by contacting our Privacy Officer.
8. Data Breach Notification
In accordance with Articles 33 and 34 of GDPR, we have established procedures for detecting, reporting, and investigating personal data breaches:
8.1 Supervisory Authority Notification
If we become aware of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will: notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and provide details including the nature of the breach, categories of data affected, approximate number of data subjects, likely consequences, and measures taken.
8.2 Data Subject Notification
If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay. This notification will include: the nature of the personal data breach, the name and contact details of our Data Protection contact, the likely consequences of the breach, measures taken or proposed to address the breach, and recommendations for you to mitigate potential damage.
8.3 Our Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, regular security assessments, and employee training.
9. Right to Lodge a Complaint
If you believe that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
Lead Supervisory Authority
For our main establishment in the EU, the lead supervisory authority would be determined based on where our EU representative is located or where the majority of affected data subjects are located.
List of EU Data Protection Authorities
You can find contact details for EU data protection authorities at: European Data Protection Board
Before You Complain
We encourage you to contact us first to give us the opportunity to address your concerns. Most privacy issues can be resolved quickly and directly.
10. Contact Information
For any questions or concerns about GDPR compliance or to exercise your data protection rights, please contact us:
Attn: Data Protection / Privacy Officer
1209 Mountain Road Pl NE Ste N
Albuquerque, NM 87110
United States
Email: info@guizamedia.com
Website: https://guizamedia.com
Response Time: We aim to respond to all GDPR-related inquiries within 30 days.
Additional Resources
- Privacy Policy - Comprehensive information about our data practices
- Cookie Policy - Information about cookies and tracking technologies
- GDPR.eu - Official GDPR information portal
- European Data Protection Board - Official EU data protection authority