Privacy Policy

1. Data Controller

PLAYME INTERACTIVE EXPERIENCE SL ("PLAYME", "we", "us") is the data controller responsible for the processing of personal data described in this policy.

• Registered address: Calle Alameda 22, 28014 Madrid, Spain
• Contact (privacy): gdpr@playme.digital
• Data Protection Officer: dpo@playme.digital

2. Scope

This policy explains how we process personal data when you visit playme.video, contact us, or when our clients engage us to deliver personalized 1:1 video communication campaigns to their end customers.

3. Personal data we process

• Website visitors: IP address, device and browser data, pages viewed, and cookie identifiers (only after consent for non-essential cookies).
• Business contacts & prospects: name, work email, company, role, country, message content and any information you choose to share with us via the contact form or email.
• Campaign end-recipients (processed on behalf of our clients): identifiers, contact data and CRM attributes (e.g. loyalty tier, transactions, preferences) supplied by our client to render personalized videos. For this data, the client is the controller and PLAYME acts as processor under a Data Processing Agreement (DPA).

4. Purposes & legal bases (Art. 6 GDPR)

• Operating the website and ensuring its security — legitimate interest (Art. 6.1.f).
• Responding to enquiries and pre-contractual requests — taking steps at your request (Art. 6.1.b).
• Analytics, performance and marketing cookies — your consent (Art. 6.1.a), withdrawable at any time.
• Delivering personalized video campaigns for clients — performance of the contract with our client (Art. 6.1.b), and our client's own legal basis toward the end recipient.
• Compliance with legal obligations (accounting, tax, GDPR requests) — Art. 6.1.c.

5. Processors and recipients

We share personal data only with trusted service providers bound by a DPA and with appropriate safeguards:

• Google — workspace, hosting infrastructure and web analytics (EU/US, EU-US Data Privacy Framework).
• Synerise — customer data platform and campaign orchestration (EU).
• Vintom — personalized video rendering and delivery technology (EU).

We do not sell personal data. We may disclose data to public authorities where required by law.

6. International transfers

When personal data is transferred outside the European Economic Area, we rely on adequacy decisions, EU Standard Contractual Clauses (2021/914) and additional technical safeguards (encryption in transit and at rest).

7. Retention

• Contact form enquiries: up to 24 months after the last interaction.
• Client account and contractual records: duration of the contract + 6 years (tax law).
• Cookie identifiers: as set out in our Cookie Policy.
• End-recipient data processed for clients: as instructed by the client in the DPA.

8. Your rights

Under the GDPR you may exercise the following rights free of charge:

• Access, rectification and erasure
• Restriction of processing and objection
• Data portability
• Withdraw consent at any time (without affecting prior processing)
• Lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es)

To exercise your rights, email gdpr@playme.digital with proof of identity. We respond within one month. If your data is processed by us on behalf of one of our clients, we will forward your request to the corresponding controller.

9. Security

We implement appropriate technical and organisational measures (access control, encryption, logging, least-privilege, vendor due diligence and regular reviews) to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

10. Children

Our services are intended for businesses. We do not knowingly collect personal data from children under 14.

11. Changes

We may update this policy to reflect operational, legal or regulatory changes. The "Last updated" date above indicates the current version.