At Visualnet we respect your privacy and are committed to protecting your personal data. This Policy explains how we collect, use and protect your information in accordance with the General Data Protection Regulation (GDPR) and applicable data protection law.
1. Data Controller
Company name: Production Lifecycle Management, S.L.
Activity: B2B film and TV production services directory and procurement platform
Privacy contact: privacidad@visualnet.com
Supervisory authority: Spanish Data Protection Authority (AEPD) — www.aepd.es
2. Personal data we process
2.1 Registration and account data
- First and last name of the registered user.
- Email address (account identifier).
- Password (stored as a bcrypt hash — never in plain text).
- Name and details of the company to which the user belongs.
- Country and city.
2.2 Platform usage data
- Projects, requests for quotation (RFQs) and bids created or received.
- Activity log in the audit trail (actions on projects and tenders, with timestamp and SHA-256 hash).
- Wallet transaction history (amounts, dates, references).
- IP address and session data (managed with TLS 1.2+ encryption in transit).
2.3 Billing data
- Account holder name and billing details (company, tax ID, address).
- Credit card data: Visualnet does not store card data. Payment processing is handled by Stripe, Inc., a PCI DSS certified provider. We only store the Stripe customer token and the last 4 digits of the card for reference.
2.4 Data in the Studio & Auditor Programme
Under the Studio & Auditor Programme, Visualnet may process personal data of the client's employees, contractors and suppliers that appear in project documentation and RFQs. In this context, Visualnet acts as Data Processor and the client as Data Controller. The conditions of this processing are formalised through the corresponding Data Processing Agreement (DPA).
3. Purpose and legal basis for processing
- Performance of the contracted service (basis: contract performance, Art. 6.1.b GDPR): account, project, RFQ, bid and billing management.
- Compliance with legal obligations (basis: Art. 6.1.c GDPR): retention of accounting, tax and audit trail records as required by applicable law.
- Legitimate interest (basis: Art. 6.1.f GDPR): platform security, fraud prevention, service improvement and aggregated usage analysis.
- Marketing communications (basis: consent, Art. 6.1.a GDPR): sending news and marketing communications where the user has given express consent. This consent may be withdrawn at any time.
4. Recipients of personal data
Visualnet does not sell or transfer personal data to third parties for commercial purposes. Data may be disclosed to:
- Technology service providers acting as data processors: Amazon Web Services (cloud infrastructure, EU-West-1 region), Stripe (payments), and transactional email providers, all with appropriate safeguards.
- Public authorities, when required by law or court order.
- Designated auditors in the Studio & Auditor Programme, with read-only access to the procurement process audit trail, on the terms agreed contractually.
5. International transfers
Data is stored on Amazon Web Services servers located in the EU-West-1 region (Ireland), within the European Economic Area. Stripe, Inc. adheres to the EU-U.S. Data Privacy Framework. Any transfer outside the EEA is carried out with appropriate safeguards in accordance with Art. 46 GDPR.
6. Retention periods
- Active account data: for the duration of the contractual relationship.
- Data after account closure: retained for 5 years to handle possible contractual claims, and 10 years to meet tax and accounting obligations.
- Audit trail (NISR 4400 records): minimum 7 years from the project date, in compliance with applicable audit standards.
- Billing data: 10 years in accordance with Spanish tax regulations.
7. Your rights
As a data subject, you have the following rights regarding the processing of your personal data:
Access
Obtain confirmation of whether we process your data and access it.
Rectification
Request the correction of inaccurate or incomplete data.
Erasure
Request deletion of your data when it is no longer necessary.
Restriction
Request suspension of processing in certain circumstances.
Portability
Receive your data in a structured, commonly used format.
Objection
Object to processing based on legitimate interest or for direct marketing.
To exercise any of these rights, send a written request to privacidad@visualnet.com stating the right you wish to exercise and enclosing a copy of your identity document. We will respond within a maximum of one month.
If you consider that the processing of your data infringes applicable regulations, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at www.aepd.es.
8. Security measures
Visualnet applies appropriate technical and organisational measures to ensure the security of personal data, including:
- TLS 1.2+ encryption for all communications in transit.
- AES-256 encryption for data stored at rest.
- Role-based access control (RBAC) with the principle of least privilege.
- Data segregation per tenant (secure multi-tenant architecture).
- Audit trail with chained, immutable SHA-256 hashes.
- Regular backups with retention on AWS S3.
- Continuous monitoring and vulnerability management.
9. Cookies
We use only strictly necessary technical cookies for the operation of the Platform. We do not use tracking or analytics cookies. For more information, please see our Cookie Policy.
10. Changes to this Policy
We may update this Privacy Policy periodically. We will notify registered users of significant changes by email at least 30 days in advance. The updated version will always be available on this page with the date of last update.