GDPR Compliance

Last Updated: April 23, 2026

Puntasotto Production is committed to protecting the privacy and personal data of all individuals, including those in the European Economic Area (EEA). This page outlines our compliance with the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of a contract with you
• Legal Obligation: Processing is necessary to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

Your Rights Under GDPR

If you are a resident of the EEA, you have the following rights:

• Right to Access: You can request copies of your personal data
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data under certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request transfer of your data to another organization
• Right to Object: You can object to our processing of your personal data
• Rights Related to Automated Decision-Making: You have protections against decisions based solely on automated processing

Data Controller

Puntasotto Production acts as the data controller for personal information collected through our website and services. Our contact details are:

Puntasotto Production
1247 Bay Street, Suite 402
Toronto, ON M5R 2B3
Canada
Email: [email protected]

Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you may contact our designated Data Protection Officer at [email protected].

Data Transfers

We are based in Canada, and your personal data may be processed outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Other legally compliant transfer mechanisms

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods vary depending on:

• The nature of the data
• The purpose for which it was collected
• Legal and regulatory requirements (including tax and accounting standards)
• Our legitimate business interests

Security Measures

We implement appropriate technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication procedures
• Regular security audits and assessments
• Employee training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

Cookies and Tracking

We use cookies and similar technologies in compliance with GDPR requirements. You have control over cookie settings and can withdraw consent at any time. For detailed information, please see our Cookies Policy.

Third-Party Processors

We may engage third-party service providers to process data on our behalf. These processors are contractually obligated to:

• Process data only according to our instructions
• Implement appropriate security measures
• Maintain confidentiality
• Comply with GDPR requirements

Children's Data

We do not knowingly collect or process personal data from children under the age of 16 without parental consent, as required by GDPR.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, or inform you if we need additional time (up to two additional months for complex requests).

When submitting a request, please provide sufficient information to allow us to verify your identity and locate your data.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority in the EEA.

Updates to This Statement

We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.

Contact Information

For any questions about our GDPR compliance or to exercise your rights, please contact us:

Email: [email protected]
Address: 1247 Bay Street, Suite 402, Toronto, ON M5R 2B3, Canada