Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), the following General Data Privacy Policy regulates the processing of personal data requested or obtained by Trendstastic (hereinafter, “Trendstastic”) as a consequence of your registration on our website through the standard registration form.

This policy contains important information about the processing of your personal data as well as your related rights. If you have any questions or need clarification, you may contact us as described below.

Trendstastic reserves the right to modify this General Data Privacy Policy at any time.

This Privacy Policy explains how Trendstastic (“we”, “us”, “Trendstastic”) collects, uses, stores and shares personal data when you use our website https://trendstastic.com and related services. This policy includes important information about our use of Google / YouTube APIs, user rights, and how to revoke access and request deletion of data.

The data you provide must be true, accurate, complete, and up-to-date. You are responsible for any direct or indirect damages that may arise from failing to comply with this obligation. Our website and the services offered therein are not intended for persons under 18 years old. By completing and submitting any of the forms on our website, you confirm and guarantee that you are at least 18 years old.

WHO COLLECTS AND IS RESPONSIBLE FOR YOUR DATA?

  • Entity: Trendstastic

  • VAT Number: GB123456789

  • Postal Address: 12 Denmark Street, Soho, London WC2H 8LS, United Kingdom

  • Data Protection Officer (DPO): Jane Doe

  • Email: dpo@trendstastic.com

WHAT WILL WE DO WITH YOUR DATA?

a) Manage your registration: We will use your personal data to complete the registration process, control user access, and manage our relationship with you.

b) Send commercial communications: If you expressly consent during the registration process, your data will be used to send you personalized marketing communications, as explained below.

c) Provide a personalized service tailored to your profile, geographical location, preferences, and tastes.

d) Define user typologies, segmentations, and profiles, as well as provide, manage, administer, expand, and improve the services and/or content offered by Trendstastic through analysis of user service utilization.

e) Show editorial or commercial information specifically designed for the inferred profile based on your use of Trendstastic’s services, both on our own platforms and third-party services with which Trendstastic has agreements. Such profiles may also be inferred based on the geographical location of the device or terminal you use to access Trendstastic’s services; however, prior and specific authorization will always be requested to process such information.

f) Design new services that may interest you.

g) Manage incidents and maintenance of Trendstastic’s services.

h) We use the YouTube Data API v3 only with explicit user consent (OAuth scopes requested during sign-in).

i) Data obtained from Google APIs is used only to provide and improve Trendstastic’s services (profile enrichment and personalized recommendations).

j) You can revoke Google access at any time (instructions below) and request deletion of your stored data (instructions below).

k) For more information on Google’s processing, see the Google Privacy Policy: https://www.google.com/policies/privacy and YouTube Terms of Service.

MAY WE SEND YOU MARKETING COMMUNICATIONS?

Trendstastic wishes to keep you informed about our products and services by sending informational, commercial, and marketing communications via email or other electronic channels based on the personal data you have shared with us. By checking the box “I would like to receive marketing communications,” you authorize the processing of your personal data for this purpose. You may revoke this consent at any time simply by sending us an email at dpo@trendstastic.com with the subject line “Exercise of GDPR rights: unsubscribe from marketing communications” and attaching a copy of your ID, passport, or any valid document proving your identity. Revocation of this consent will not affect other purposes such as managing your registration.

WHAT DATA DO WE REQUEST AND HOW DO WE PROCESS IT?

The data that Trendstastic obtains and processes may include some or all of the following categories:

  • Full name

  • Current employer and job position

  • Email address

We require that you provide the mandatory personal data to complete your registration on our website. Additionally, subject to your consent, more advanced data may be collected depending on the social networks involved, always complying with their respective policies.

We may collect or process, on behalf of our clients, the following categories of personal data when you use or interact with our products and services.

The use and transfer of information received from Google APIs to any other application will adhere to the Google API Services User Data Policy, including the requirements for limited use.

When you register or sign in with Google, and only with your explicit consent, we may collect:

  • Public YouTube subscriptions (subscriptions.list), public playlists (playlistItems.list), and basic channel/video metadata (channels.list, videos.list) for the purpose of inferring interests and generating personalized recommendations.

  • Standard registration data (name, email, any fields you provide).
    We use this data to: manage registration and access; build and maintain interest profiles; power personalized recommendations; improve and secure the service; and, where you consent, to send marketing communications.

Use of Google / YouTube API Services

  • We use the YouTube Data API v3 under the Google API Services User Data Policy (including Limited Use requirements). Data obtained from YouTube APIs is used solely for Trendstastic features (profile enrichment, recommendations) and is not sold or used for advertising outside the specified purposes.

  • Access scope is minimized: we only request scopes strictly required for the described functionality.

How often we refresh, update and delete API data

  • Caching & refresh: data used for recommendations is cached on our servers with a TTL between 6 and 24 hours, and we run nightly synchronization jobs (every 24 hours) to refresh user profiles and detect new uploads or content changes.

  • Deletion on revoke or request: if a user revokes Trendstastic’s Google access via Google account settings or requests deletion via our DPO, we will delete YouTube API-derived data from our active systems immediately and fully remove it from backups within 30 days. In urgent cases we remove the data within 24 hours.

  • Retention period: default retention: up to five (5) years for account-related data unless the user requests earlier deletion or where law requires otherwise.

WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?

The legal basis for the processing described is:

  • The processing of personal data to manage subscription/registration, administration, and management of your user account: the legal basis is the consent granted at the moment of voluntary registration.

  • The processing of personal data to send commercial communications: the legal basis is the consent granted for this purpose, and lack or withdrawal of this consent does not affect the subscription or registration process.

Legal basis for processing
Processing is based on: (a) your consent when you sign up/authorize via Google; (b) where applicable, the performance of a contract to provide the service; and (c) our legitimate interests for service security, fraud prevention and platform improvement, balanced against your rights.

IS THIS PROCESSING LEGITIMATE?

The consent to process your personal data that we request during registration constitutes the legal basis legitimizing the processing.

DATA RETENTION PERIOD

Your personal data will be retained for five (5) years and subsequently sent for review and/or deletion.

DATA SHARING WITH THIRD PARTIES

To optimally provide the services offered through our website, Trendstastic may require trusted third-party providers to access your personal data as data processors under our control, only to the extent strictly necessary for the provision of contracted services. Such data processors operate under service contracts containing GDPR-compliant terms, conditions, and guarantees. Trendstastic carries out corresponding controls, inspections, and audits to verify compliance.

By accepting this Privacy Policy, you understand that some of these service providers may be located outside the European Economic Area (EEA) and therefore may not offer the same level of data protection. Trendstastic has adopted adequate measures and guarantees in accordance with the European Data Protection Regulation, including data transfer agreements based on the Standard Contractual Clauses approved by the European Commission.

Furthermore, Trendstastic may disclose or communicate personal data to comply with obligations to Public Authorities, Law Enforcement Agencies, or Judicial Bodies as required by law.

We may share data with trusted processors necessary to deliver the service (hosting, analytics, payment processors). Any processors are bound by GDPR-compliant contracts (including Standard Contractual Clauses where applicable). We do not transfer data to third parties for advertising beyond the purposes you consented to.

WHAT RIGHTS DO YOU HAVE WHEN SHARING YOUR DATA WITH US?

The legal basis for the processing described is:

  • Obtain confirmation on whether Trendstastic is processing personal data concerning you.

  • Access your personal data.

  • Request correction of inaccurate or incomplete data.

  • Request deletion of your personal data when no longer necessary for the purposes collected.

  • Request restriction of processing in certain circumstances, in which case we will only retain data legally required.

  • Object to processing for marketing communications, including profiling for such purposes.

  • Request portability of your data when processed by automated means, to receive it in a structured, commonly used format, and to transmit it to another controller when technically feasible.

  • Withdraw your consent to one or more processing activities at any time, without affecting the lawfulness of processing based on consent before withdrawal.

  • File a complaint with the relevant Data Protection Authority.

How to request deletion of your data
To request deletion of stored personal data (including YouTube API data), email dpo@trendstastic.com, with the subject “Data Deletion Request” and include a copy of a photo ID. We will confirm receipt and complete deletion from live systems within 24 hours and purge backups within 30 days, unless legal obligations require retention.

How to revoke Google access
Users may revoke Trendstastic’s access to their Google account at any time via Google Security settings:

  1. Visit https://myaccount.google.com/security (or https://security.google.com/settings/)

  2. Under “Third-party apps with account access” / “Manage third-party access”, find Trendstastic and click Remove access.
    Alternatively, email dpo@trendstastic.com with subject “Revoke Google access” and we will assist and confirm deletion.

If you need any clarification or assistance regarding this Privacy Policy, please do not hesitate to contact us at dpo@trendstastic.com.

Privacy Policy Terms and Conditions Legal Notice Cookies Policy