VidLux AI - Free Product Video Generator

Last Updated: May 10, 2025

1. Introduction

This GDPR Compliance Statement explains how VidLux AI ("we", "us", or "our") ensures compliance with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

2. Data Controller

For the purposes of the GDPR, VidLux AI is the data controller for personal data collected through our website and services. This means that we determine the purposes and means of the processing of that personal data.

3. Your Rights Under GDPR

If you are an individual located in the EU or EEA, you have the following rights with respect to your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge you a small fee for this service.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

4. Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. We process your personal data on the following lawful grounds:

Consent: Where you have given us clear consent to process your personal data for a specific purpose.
Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legal Obligation: Where processing is necessary for compliance with a legal obligation that we are subject to.
Legitimate Interests: Where processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests, rights, or freedoms.

5. Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data
Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

6. International Data Transfers

If we transfer your personal data to countries outside the EU and EEA, we ensure that appropriate safeguards are in place to protect your personal data, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules (BCRs)
Certification mechanisms like the EU-US Privacy Shield (when applicable)

7. Data Protection Officer

Although we may not be required to have a Data Protection Officer (DPO) under the GDPR, we have designated a point of contact for data protection matters to ensure compliance with the GDPR and to address any questions or concerns you may have regarding your personal data.

8. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

10. Children's Privacy

Our service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

11. Contact Us

If you have any questions about this GDPR Compliance Statement or would like to exercise any of your rights under the GDPR, please contact us at gdpr@vidluxai.com.

12. Complaints

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. The supervisory authority in the place of your habitual residence, place of work, or place of the alleged infringement will be able to assist you.