GDPR Policy

1. Scope & Applicability

This GDPR Policy applies to all processing of personal data carried out by ReelCiety in connection with users located in the European Economic Area (EEA), the United Kingdom, and Switzerland.

It covers all forms of processing, including collection, storage, use, analysis, disclosure, and deletion of personal data across web, mobile, and backend systems.

2. Data Controller Information

ReelCiety is operated by Nexa-Group, which acts as the Data Controller under GDPR for all personal data processed through the platform.

Controller: Nexa-Group
Privacy Contact: privacy@nexa-group.org
Data Protection Officer (DPO): dpo@nexa-group.org

3. Lawful Bases for Processing

ReelCiety processes personal data only when a lawful basis exists under Article 6 GDPR, including:

• Contractual necessity – to provide platform services
• Legal obligations – compliance with laws and regulations
• Legitimate interests – platform security, abuse prevention, analytics
• User consent – where required (e.g., marketing, cookies)
• Vital interests – protection of users in emergencies

4. Categories of Personal Data

ReelCiety may process the following categories of data:

• Account identifiers (username, user ID)
• Contact details (email address)
• Content data (posts, comments, media)
• Usage data (interactions, engagement metrics)
• Device and technical data (IP address, logs)
• Safety and moderation records

5. Special Categories of Data

ReelCiety does not intentionally process special categories of personal data under Article 9 GDPR. If such data appears in user-generated content, it is processed only as necessary to provide the service or enforce safety rules.

6. Data Minimization & Purpose Limitation

Personal data is collected only for specific, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.

We apply strict data minimization principles to reduce the volume and sensitivity of data processed.

7. Automated Decision-Making

ReelCiety may use automated systems for content ranking, spam detection, and safety enforcement. These systems are subject to human oversight and are not used to make decisions producing legal effects without safeguards.

8. Data Retention

Personal data is retained only as long as necessary for the purposes for which it was collected, including:

• Active account duration
• Legal and regulatory obligations
• Security, fraud, and abuse investigations

9. Data Subject Rights

Under GDPR, users have the right to:

• Access their personal data
• Rectify inaccurate data
• Request erasure (“right to be forgotten”)
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

10. Exercising Your Rights

Requests may be submitted via the privacy contact details below. Identity verification may be required to protect user data.

11. International Data Transfers

Where data is transferred outside the EEA, ReelCiety uses approved transfer mechanisms such as Standard Contractual Clauses (SCCs) and equivalent safeguards.

12. Security Measures

ReelCiety implements technical and organizational security measures including encryption, access controls, monitoring, and incident response procedures.

13. Data Breach Notification

In the event of a personal data breach, ReelCiety will notify relevant supervisory authorities and affected users where required by law.

14. Supervisory Authority

Users have the right to lodge a complaint with their local data protection authority.

15. Policy Updates

This GDPR Policy may be updated periodically to reflect legal or operational changes. Updates take effect upon publication.

16. Contact

Privacy Office: privacy@nexa-group.org
Data Protection Officer: dpo@nexa-group.org
Support: support@reelciety.com