Data Processing & GDPR

1. Roles & Responsibilities

Depending on the engagement, Margin Media may act as:

• A data controller for information we collect directly through our own websites and services; and/or
• A data processor when handling data on behalf of clients in connection with building, operating, or optimizing their digital properties.

When we act as a processor, our use of personal data is limited to the documented instructions of the client (controller), as outlined in the relevant agreements or data processing terms.

2. Types of Data Processed

The data we may process, either as controller or processor, generally includes:

• Basic contact details (e.g., name, email) submitted via forms or direct communication.
• Usage and analytics data related to website visits, content interactions, and performance.
• Creator- or client-supplied data, such as transcripts, media files, and content required to build or operate digital assets.

We do not intentionally collect sensitive categories of personal data unless explicitly required and agreed upon with a client, in which case additional protections may apply.

3. Legal Bases for Processing

When GDPR applies, our processing of personal data is typically based on one or more of the following legal bases:

• Contractual necessity – to perform obligations under a contract or service agreement.
• Legitimate interests – to operate, secure, and improve our services in a way that does not override user rights and freedoms.
• Consent – where required for certain analytics, marketing, or non-essential cookies, and where such consent can be withdrawn.
• Legal obligations – to comply with applicable laws or regulatory requirements.

4. Data Processing on Behalf of Clients

When building or operating creator or business properties, Margin Media may process data strictly for the purpose of delivering those services. In such cases:

• We follow the client's documented instructions.
• We implement appropriate technical and organizational measures to protect the data.
• We do not use client data for unrelated purposes such as independent marketing or resale.

Specific details of processor obligations, sub-processors, and data locations will be outlined in formal Data Processing Agreements (DPAs) or equivalent documentation.

5. Data Storage & Security

Data may be stored on trusted hosting providers and cloud services, potentially in multiple regions, depending on client needs and our infrastructure. We implement reasonable safeguards to protect data against unauthorized access, alteration, or loss.

Despite these efforts, no system can be guaranteed entirely secure. We encourage clients and users to adopt strong security practices on their side as well.

6. International Transfers

Where data is transferred outside of the European Economic Area (EEA), we aim to ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms, to protect personal data in line with GDPR requirements.

7. Data Subject Rights (GDPR)

When GDPR applies and Margin Media acts as controller, individuals may have certain rights over their personal data, including:

• Right of access to personal data we hold about you.
• Right to request correction or updates.
• Right to request deletion in certain circumstances.
• Right to restrict or object to certain types of processing.
• Right to data portability where applicable.

When we act solely as processor, requests should generally be directed to the relevant controller (our client), and we will support them in fulfilling those requests as required.

8. Sub-Processors

We may engage vetted third-party vendors (sub-processors) to support hosting, analytics, error monitoring, or other operational needs. These providers are contractually obligated to process data only as necessary to provide their services and to maintain appropriate security measures.

9. Relationship to Other Policies

This page should be read together with our Privacy Policy and Cookie Policy, which provide additional details about how we collect, use, and store information.

10. Contact

If you have questions about data processing, GDPR, or how these principles apply to your engagement with Margin Media, please contact us via our contact page.