MAD JON PRODUCTIONS SRL (referred to as “MAD JON”, “Editelling”, “we”, “us”, or “our”), a company registered in Romania, operates the website https://editelling.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website, register an account, place an order, or use our video editing services.

We act as the data controller for the personal data we collect directly from you. For business customers who upload client footage for editing, we process data on your behalf as a data processor—see our separate Data Processing Addendum (DPA) below for details.

By using the Service, you consent to the practices described in this Policy. We do not and will not sell your personal data to third parties.

Information We Collect

We collect personal data you provide directly, as well as data collected automatically:

• Account & Contact Details: Name, email address, phone number, and billing/shipping address when you register, place an order, or contact support.

• Payment Details: Processed securely via Stripe. We do not store or have access to your full credit card details.

• Customer Content: Video footage, graphics, audio, or other content you upload for editing. Note: We process this content strictly to provide the requested services. We do not use facial recognition, biometric identification, or AI training technologies on your footage unless specifically contracted and consented to do so.

• Usage Data (Automatic): IP address, browser type/version, device information, pages visited, and time spent on the site.

• Cookies: Essential, preference, and security cookies, plus analytics tools.

Sources: We collect this data directly from you, automatically via cookies and tracking tools, and from trusted third parties like our payment processors.

How We Use Your Data

We use your data for the following purposes:

• Service Delivery: To provide, maintain, and improve the Service (e.g., process orders, edit videos).

• Communication: To send service updates, support responses, or marketing materials (you may opt out of marketing at any time).

• Quality Assurance: To perform quality assurance and internal training (using anonymized or explicitly authorized footage).

• Security: To analyze usage patterns, prevent fraud, and fix technical issues.

• Compliance: To comply with legal obligations, such as maintaining billing and tax records.

Legal Bases for Processing (EEA/UK Users)

Under the GDPR and UK GDPR, we rely on the following legal bases:

• Contract: To fulfill our obligations under our Terms of Service (e.g., delivering edited videos).

• Legitimate Interests: For site security, analytics, and Service improvement (provided these interests are not overridden by your data protection rights).

• Consent: For sending marketing emails and placing non-essential cookies. You can withdraw this at any time.

• Legal Obligation: For mandatory tax and accounting record-keeping.

Cookies and Tracking

We use cookies to ensure our site works correctly and to understand how you use it:

• Essential cookies: Required for site functionality and checkout.

• Analytics cookies: E.g., Google Analytics (IP addresses are anonymized; opt-out is available).

• Functional cookies: E.g., Contentful for content management.

Non-essential cookies require your active consent via our cookie banner. You can manage your preferences at any time via your browser settings or our site's cookie management tool.

Sharing Your Data

We share data only with trusted partners necessary to run our business:

• Service Providers (Sub-processors): Stripe (payments), Contentful (content management), Dropbox/Google Drive (secure file uploads), and Google Analytics (usage data).

• Professional Advisors: Accountants, lawyers, or other advisors for legal and business needs.

• Authorities: Only if formally required by law or to protect our legal rights.

We do not sell your data. All third-party processors are bound by strict data protection agreements.

International Data Transfers

As a Romanian company using global tools, your data may be transferred outside the European Economic Area (EEA) (e.g., to US-based servers for Stripe or Google). When we transfer data, we ensure it is protected by appropriate safeguards, primarily relying on the EU Standard Contractual Clauses (SCCs) (Module 2 or 3, 2021) or applicable adequacy decisions (such as the EU-US Data Privacy Framework, where the recipient is certified).

Data Retention

We keep your data only as long as necessary:

• Account/Order Data: For the duration of our relationship, plus applicable legal retention periods (e.g., up to 10 years for tax/billing records in Romania).

• Support Tickets: Until the issue is resolved, or until you request deletion.

• Usage Logs: Retained for a maximum of 26 months.

• Backups: If you request deletion of your data, please note that residual copies may remain in our encrypted, off-site system backups for up to 30 days until the next automated overwrite cycle.

Data Security

We implement robust security measures, including SSL encryption, restricted access controls, and industry-standard protocols for file storage. While we strive to protect your data, no system is 100% secure. If you have any security concerns, please contact us.

Your Rights (GDPR / General)

Depending on your location, you have the right to:

• Access, correct, or delete your personal data.

• Restrict or object to certain types of processing.

• Request data portability in a standard digital format.

• Withdraw consent for marketing or cookies at any time.

• Lodge a complaint: If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority, or our lead supervisory authority in Romania: the National Supervisory Authority for Personal Data Processing (ANSPDCP).

To exercise these rights, contact us at alex@editelling.com. We will respond to verified requests within 30 days (extendable by an additional two months for complex requests).

California Residents (CCPA/CPRA)

In the past 12 months, we have collected the following categories of personal information:

Identifiers, Financial Info, Usage Data, Content;

Examples of information collected: Name, Email, IP address, Billing details, Browsing activity, Uploaded files (video/audio), Messaging.

For the following purposes: Service Provision, Support, Payment Processing, Analytics, Site Improvement, Delivering Editing Services.

Your California Rights:

We do not sell or share your personal information for monetary value. However, you have the right to Know (access), Delete, Correct, Opt-Out of automated profiling, and Limit the Use of Sensitive Personal Information. We will not discriminate against you for exercising these rights. To submit a request, email alex@editelling.com.

Children

Our Service is intended for users 18 and older. We do not knowingly collect personal data directly from children under 18 without verifiable parental consent.

Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Effective Date." Please check back periodically.

Data Processing Addendum (DPA) for B2B Customers

This DPA supplements our Terms of Service when you (the Customer acting as a Data Controller) engage MAD JON PRODUCTIONS SRL (acting as a Data Processor) to process Customer Personal Data (e.g., client footage containing identifiable individuals). This DPA ensures compliance with Article 28 of the GDPR. Capitalized terms follow GDPR definitions unless defined otherwise.

1. Definitions

• Customer Personal Data: Any personal data contained within the media files or instructions you provide to us for processing.

• Sub-processor: Third-party service providers engaged by us to facilitate the Services (e.g., cloud storage platforms).

2. Processing Details & Controller's Warranty

We will process Customer Personal Data solely in accordance with your documented instructions (via our Terms of Service or order forms). The purpose of processing is strictly limited to providing video editing and related support services.

• Controller's Warranty: You (the Customer) warrant that you have obtained all necessary lawful bases, consents, and have provided all required notices to data subjects (e.g., individuals appearing in the video footage) prior to transferring Customer Personal Data to us for processing.

3. Sub-processors

You grant us general authorization to engage Sub-processors. Our current Sub-processors include Dropbox, Google Drive, Stripe, Contentful, and Google (Analytics).

• Notification of Changes: We will notify you (via email or a clear update on our website) at least 30 days before adding or replacing a Sub-processor, giving you the opportunity to object. All Sub-processors are bound by data protection obligations equivalent to those in this DPA.

4. Security & Personal Data Breach Notification

We maintain industry-standard technical and organizational measures (encryption, access controls) to ensure a level of security appropriate to the risk.

• Breach Notification: In the event of a confirmed Personal Data Breach affecting Customer Personal Data, we will notify you without undue delay, and in any event within 72 hours of becoming aware of the breach, to assist with your own notification obligations.

5. Data Subject Rights & Audits

We will assist you, insofar as possible and at your reasonable expense, in responding to requests from data subjects exercising their rights under the GDPR. We will also make available to you the information necessary to demonstrate compliance with this DPA and allow for and contribute to audits conducted by you or your mandated auditor.

6. International Transfers

If Customer Personal Data is transferred outside the EEA to a country not recognized as providing an adequate level of protection, such transfers will be governed by the standard contractual clauses adopted by the European Commission (Module 2: Controller-to-Processor), which are incorporated herein by reference.

7. Deletion or Return of Data

Upon termination or completion of the Services, and at your choice, we will securely delete or return all Customer Personal Data, except where EU or Member State law requires further storage. Data may temporarily persist in secure backup systems for up to 30 days.

8. Liability

Each party’s liability arising out of this DPA is subject to the limitations of liability set forth in the overarching Terms of Service.
Governing Law: This DPA shall be governed by the laws of Romania and applicable EU law.

Contact Us

MAD JON PRODUCTIONS SRL

Alexandru Ioan Ion
Email: alex@editelling.com ; madjon.visuals@gmail.com