Our Commitment to GDPR
GHL Video Capture is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union.
Data Controller vs. Data Processor
GHL Video Capture as Data Processor
For video content captured through your embeds:
- You (the customer) are the Data Controller
- We are the Data Processor
- Videos are stored in your Cloudflare R2 bucket under your control
- We process data only on your instructions
GHL Video Capture as Data Controller
For your account information and usage data:
- We are the Data Controller
- We determine how this data is processed
- Subject to our Privacy Policy
Legal Basis for Processing
We process personal data based on:
Data Type | Legal Basis
Account data | Contract performance
Video processing | Contract performance / Your instructions
Marketing communications | Consent or legitimate interest
Security logs | Legitimate interest
Your Rights Under GDPR
EU residents have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain types of processing
To exercise any of these rights, contact our Data Protection Officer at dpo@ghlvideocapture.com
Data Processing Agreement (DPA)
Business customers can request a Data Processing Agreement that covers:
- Scope and purpose of processing
- Security measures
- Sub-processor details
- Data subject rights
- Audit provisions
Technical and Organizational Measures
We implement appropriate measures to ensure data security:
Technical Measures
- Encryption in transit (TLS 1.2+)
- Encryption at rest for sensitive data
- Regular security updates and patches
- Access controls and authentication
- Regular backups and disaster recovery
Organizational Measures
- Data protection training for staff
- Confidentiality agreements
- Limited access on a need-to-know basis
- Regular security assessments
- Incident response procedures
Sub-Processors
We use the following sub-processors:
Sub-Processor | Purpose | Location
Supabase | Database & Authentication | United States
Cloudflare | CDN & Infrastructure | Global
Stripe | Payment Processing | United States
Data Transfers
When we transfer data outside the EU, we ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Additional security measures as needed
Privacy by Design
Our service incorporates privacy by design principles:
- Data Minimization: We only collect necessary data
- Purpose Limitation: Data used only for stated purposes
- Storage Limitation: Data retained only as long as needed
- Security: Built-in encryption and access controls
- Transparency: Clear privacy notices and controls
Your Responsibilities
As a Data Controller using our service, you must:
- Obtain valid consent for video recordings
- Provide privacy notices to data subjects
- Respond to data subject requests
- Ensure lawful basis for processing
- Implement appropriate security measures
- Report data breaches as required
Data Breach Procedures
In case of a data breach:
- We will notify affected customers within 72 hours
- Provide details of the breach and affected data
- Outline measures taken to address the breach
- Cooperate with supervisory authorities
- Document all breaches and responses
Contact Our DPO
For GDPR-related inquiries or to exercise your rights:
Supervisory Authority
EU residents have the right to lodge a complaint with their local data protection authority if they believe their rights have been violated.