Privacy
Policy
How Serious Factory collects, processes, and protects your personal data within the SF Studio service — in compliance with GDPR.
Data Controller
The data controller for personal data collected via the SF Studio service is:
Data Collected
2.1 Contact and Identification Data
Name, first name, professional email address, phone number, company name, company address, job title.
2.2 Project-related Data
Content of pedagogical briefs transmitted, business elements provided for production (texts, scripts, documents), exchanges related to project follow-up.
2.3 Data from AI Demo
The topics and pedagogical objectives entered into the AI concept generator are transmitted to our engine for content generation. This data is not retained beyond the session, unless you explicitly request commercial follow-up.
Purposes and Legal Bases
The table below summarizes all processing carried out by Serious Factory:
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Responding to contact and quote requests | Legitimate Interest | 3 years after last contact |
| Execution of the SF Studio service | Contract Execution | Contract duration + 5 years |
| Sending commercial communications | Consent | Until withdrawal |
| Service improvement and statistical analysis | Legitimate Interest | 13 months |
| Legal and accounting obligations | Legal Obligation | 10 years |
Data Recipients
Your personal data is intended for Serious Factory's internal teams (sales, production, management). It may be transmitted to subcontractors strictly within the framework of service execution:
- Hosting and cloud infrastructure providers
- CRM and project management tools
- Artificial intelligence API providers
- Emailing tools (commercial communications)
Commitment: Your data is never resold to third parties for commercial purposes. Serious Factory ensures that its subcontractors provide sufficient guarantees in accordance with GDPR.
Transfers outside the European Union
Some subcontractors (notably AI API providers) may be established outside the EU. In this case, Serious Factory ensures that these transfers are governed by appropriate safeguards: standard contractual clauses from the European Commission or an adequacy decision.
Your Rights
In accordance with GDPR and the French Data Protection Act, you have the following rights:
Right of Access
Obtain confirmation and a copy of your data.
Right of Rectification
Correct inaccurate or incomplete data.
Right to Erasure
Request the deletion of your data.
Right to Object
Object to processing based on your situation.
Right to Portability
Receive your data in a structured format.
Withdrawal of Consent
Withdraw your agreement at any time.
To exercise your rights: dpo@seriousfactory.com
You also have the right to lodge a complaint with the CNIL — www.cnil.fr
Data Security
Serious Factory implements appropriate technical and organizational measures to protect your data against loss, unauthorized access, disclosure, alteration, or destruction.
These measures include encryption of data in transit and at rest, strict access control, as well as regular security audits.
Policy Updates
Serious Factory reserves the right to modify this privacy policy at any time. The update date at the top of the document will be updated with each change.
We invite you to consult this page regularly to stay informed of any changes.
Contact and Complaints
For any questions regarding this policy or to exercise your rights:
Attn: Data Protection Officer
Question about your data?
Our team responds to all requests within 30 days, in accordance with GDPR.