Introduction
Magic Carpet Labs (referred to as “the Studio”) is committed to protecting the personal and sensitive data of its employees, clients, collaborators, and other
stakeholders. This policy outlines how the Studio collects, uses, stores, and secures data in compliance with relevant data protection laws and regulations.
Scope of the Policy
This policy applies to:
• All employees, contractors, freelancers, and interns of the Studio.
• All personal data and confidential information processed, regardless of format (digital or physical).
• All activities involving data collection, usage, storage, and disposal.
Personal Data We Collect
The Studio collects and processes the following types of data:
Employee Data: Personal information such as names, contact details, tax information, and bank details for payroll.
Client Data: Project details, contact information, and business agreements.
Production Data: Scripts, storyboards, creative assets, and other intellectual property.
Third-Party Data: Data from vendors, collaborators, and subcontractors.
Lawful Basis for Data Processing
Legal Basis for Processing Data
The Studio processes data based on the following lawful grounds:
Consent: Explicit consent obtained from individuals for specific purposes.
Contractual Necessity: Data required to fulfil contractual obligations.
Legitimate Interests: Processing data to support Studio operations and safeguard intellectual property.
Legal Obligation: Compliance with legal and regulatory requirements.
Data Use and Retention
Data is used only for its intended purpose, including:
• Managing employee records.
• Delivering services to clients.
• Protecting creative and intellectual property.
• Meeting legal and financial obligations.
Retention periods are defined based on the type of data:
• Employee and payroll records: 7 years post-employment.
• Client contracts and production
Data Storage and Security
The Studio takes appropriate technical and organizational measures to ensure the security of personal data. We implement security protocols such as encryption,
access controls, and secure storage to protect data from unauthorized access, alteration, or destruction.
Personal data is stored securely and only accessible to authorised personnel. Data is retained only as long as necessary for the purposes for which it was collected, or
as required by law.
Data Sharing and Disclosure
We will not share personal data with third parties unless:
The individual has given consent.
● It is necessary for providing our services (e.g., certification authorities,
employment platforms).
● It is required by law, regulatory bodies, or legal proceedings.
● It is necessary to protect the rights or safety of the individual or others
Data Breaches
The Studio has implemented procedures for identifying, reporting, and responding to personal data breaches. In the event of a data breach that poses a
risk to the rights and freedoms of individuals, we will notify the relevant authorities and affected individuals without undue delay, in line with legal requirements.
Training and Awareness
All staff and individuals involved in processing personal data will receive training on data protection principles and the importance of safeguarding personal
information. Ongoing awareness programs will be conducted to ensure compliance with this policy.
Third-Party Processors
Where we engage third-party service providers to process personal data on our behalf, we ensure that they comply with data protection regulations and our data protection standards through contracts and audits.
Changes to this Policy
Where we engage third-party service providers to process personal data on our behalf, we ensure that they comply with data protection regulations and our data
protection standards through contracts and audits.