PRIVACY POLICY
Welcome to SDM Creative Studio. Your privacy is of the utmost importance to us. This Privacy Policy describes how Sofía Duarte Miranda (hereinafter, “SDM Creative Studio”, “SDM Estudio Creativo”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you visit our website or use our services.
This policy has been drafted to comply simultaneously with the legislation of Uruguay (Law No. 18.331 on Personal Data Protection) and the General Data Protection Regulation (GDPR) of the European Union (Regulation (EU) 2016/679).
1. Data Controller
The entity responsible for processing your personal data is:
- Legal Name: Sofía Duarte Miranda
- Trade Name: SDM Estudio Creativo
- Tax ID (RUT): 218705940018
- Registered Address: Viacaba 1733, Montevideo, Uruguay
- Email: legal@sdmestudio.com
2. Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) whom you can contact for any inquiry, request, or complaint related to the processing of your personal data:
- Name: Emiliano Espíndola González
- Contact Email: legal@sdmestudio.com
3. What data do we collect and for what purpose?
We collect your personal data only for specific, explicit, and legitimate purposes. The legal basis for processing your data will depend on the purpose for which we collect it.
Purpose of Processing | Personal Data Collected | Legal Basis (GDPR / Law 18.331) |
Managing inquiries | Name, surname, email, phone, company. | Consent of the data subject (Art. 6.1.a GDPR). |
Service provision and contract management | Name, surname, email, phone, company, billing data (non-banking). | Performance of a contract (Art. 6.1.b GDPR) and Compliance with a legal obligation (e.g., invoicing) (Art. 6.1.c GDPR). |
Sending marketing communications (Newsletter) | Name, surname, email address. | Explicit consent of the data subject (Art. 6.1.a GDPR). |
Web analytics and service improvement | IP address (anonymized), browsing data, cookies. | Consent of the data subject (for non-essential cookies) (Art. 6.1.a GDPR) or Legitimate Interest (for basic anonymized analytics). |
We do not collect sensitive data (as defined in Art. 9 of the GDPR and Art. 18 of Law 18.331).
4. Data Retention Period
We will only retain your personal data for the time strictly necessary to fulfill the purposes for which it was collected:
- Customer data (contractual and billing): Will be kept for the duration of the commercial relationship and, subsequently, for the legal periods required by tax and commercial regulations (generally between 5 and 10 years).
- Data for marketing communications (Newsletter): Will be kept until you revoke your consent.
- Inquiry data: Will be kept for the time necessary to resolve your inquiry (generally a period of 6 to 12 months).
5. Data Recipients (Who we share your data with)
Your data will not be sold or rented. It will only be shared with the following recipients (Data Processors) who help us provide our services, and who have committed to complying with applicable privacy regulations:
- Hosting: Hosting Montevideo (with servers located in the United States).
- Payment Gateways:
  - MercadoPago (Procesadora de Pagos S.R.L.) for transactions in Uruguay.
  - PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) or PayPal Inc. (USA) for international transactions.
- Web Analytics: Google LLC (United States) through its Google Analytics 4 service.
Your data may also be disclosed to public authorities, judges, or courts in compliance with a legal obligation.
6. International Data Transfers
We inform you that some of our service providers are located outside the European Economic Area (EEA) and Uruguay.
- Hosting and Analytics (USA): Our web hosting services (Hosting Montevideo) and analytics (Google Analytics) involve the transfer of your data to servers located in the United States.
- Basis for transfer (Uruguay): The Oriental Republic of Uruguay has been declared by the European Commission as a country with an adequate level of protection (adequacy decision), facilitating EU-Uruguay transfers.
- Basis for transfer (USA): For transfers to the United States, we ensure they are carried out under the appropriate safeguards required by the GDPR. We rely on:
  - The adherence of these providers (like Google LLC) to the EU-U.S. Data Privacy Framework (DPF).
  - The signing of Standard Contractual Clauses (SCCs) approved by the European Commission.
By accepting this policy, you consent to these international transfers.
7. Data Security
We have adopted the necessary technical and organizational measures to protect your data against destruction, loss, alteration, unauthorized access, or illicit processing. This includes the use of SSL certificates on our website.
8. Your Data Protection Rights
You have the right to exercise, at any time, the rights granted to you by Uruguayan and EU regulations. These rights include:
- Access: To obtain confirmation as to whether or not we are processing your data and to access it.
- Rectification: To request the correction of inaccurate or incomplete data.
- Erasure (Right to be forgotten): To request that we delete your data when it is no longer necessary.
- Restriction of processing: To request that we suspend the processing of your data under certain circumstances.
- Objection: To object to the processing of your data (especially for marketing purposes).
- Portability: To request that we provide your data in a structured, machine-readable format.
- Withdraw consent: For any processing based on your consent (like the newsletter), you can withdraw it at any time.
How to exercise your rights: You can exercise these rights by sending an email request to our DPO at legal@sdmestudio.com, attaching a copy of your ID document to verify your identity.
9. Minors
Our services are not directed at minors. If we detect that we have inadvertently collected data from a minor without parental or guardian consent, we will proceed to delete such information as soon as possible.
10. Supervisory Authorities
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the competent supervisory authority:
- In Uruguay: With the Unidad Reguladora y de Control de Datos Personales (URCDP).
- In Spain (or EU): With the Agencia Española de Protección de Datos (AEPD) (Spanish Data Protection Agency) or the data protection authority of the EU Member State where you reside.
11. Cookie Policy
This website uses cookies. For detailed information about what cookies we use, why we use them, and how you can manage them, please consult our Cookies Policy.
12. Policy Modifications
SDM Creative Studio reserves the right to modify this Privacy Policy to adapt it to new legislative or jurisprudential developments. We will notify you of any substantial changes to this policy.