PRIVACY POLICY

Last updated: [add date]

1. Introduction

This Privacy Policy explains how we collects, uses, stores, and protects personal data when you visit or interact with https://bramafilm.com (the “Website”).

We take personal integrity and data protection seriously. We only collect what is necessary, we never sell personal data, and we comply fully with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Who We Are

Website: https://bramafilm.com
Contact: mattias [at] brama [dot] se

Brama is responsible for the processing of personal data described in this policy (the “Data Controller”).

3. Purpose of the Website

The purpose of this website is to:

Present Brama Film and its services
Showcase completed projects and portfolio work
Educate visitors within film production and storytelling
Create new professional relationships and maintain existing ones

4. What Personal Data We Collect and Why

4.1 Comments

When visitors leave comments on the Website, we collect:

Information provided in the comment form
The visitor’s IP address
Browser user agent string

This data is collected to enable commenting functionality and to assist with spam detection.

An anonymized hash generated from your email address may be sent to the Gravatar service to determine whether you have a registered profile.
Gravatar’s privacy policy is available at: https://automattic.com/privacy/

Once approved, your comment and profile image (if applicable) are publicly visible.

4.2 Media Uploads

If you upload images to the Website, you should avoid uploading images that contain embedded location data (EXIF GPS). Visitors may be able to download and extract such data from images published on the site.

4.3 Contact Forms

If you submit your contact details via a form on the Website, we interpret this as your request to be contacted for professional or business-related purposes.

We use the information you provide solely to:

Respond to your enquiry
Establish or maintain a professional relationship

This processing is based on legitimate interest under GDPR.

5. Cookies

5.1 Comment Cookies

If you leave a comment, you may choose to save your name, email address, and website in cookies for convenience. These cookies last for one year.

5.2 Login Cookies

If you log in to the Website:

A temporary cookie is set to verify cookie acceptance (deleted when the browser closes)
Login cookies last two days
Display preference cookies last one year
Selecting “Remember Me” extends login cookies to two weeks

Logging out removes login cookies.

5.3 Editing Cookies

If you edit or publish content, an additional cookie is stored containing the post ID only. It expires after 24 hours and contains no personal data.

6. Embedded Content from Other Websites

Articles on this Website may include embedded content (e.g. videos, images, articles).

Embedded content behaves exactly as if you had visited the originating website directly. These external websites may:

Collect data about you
Use cookies
Embed third-party tracking
Monitor your interaction with embedded content

This applies particularly if you are logged in to those external platforms.

7. Analytics and Marketing Tools

We use industry-standard tools to understand website performance and improve user experience, including:

Google Tag Manager
HubSpot CRM (https://www.hubspot.com)

These tools may process anonymized or pseudonymized data. HubSpot complies with GDPR and applicable data protection legislation.

8. Who We Share Your Data With

We do not sell or share personal data with third parties.

The only exception is the use of trusted service providers (such as HubSpot) acting as data processors, under strict data processing agreements and GDPR compliance.

9. How Long We Retain Your Data

Comments: Stored indefinitely to allow automatic approval of follow-up comments
Registered users (if any): Profile data is stored until deleted by the user or administrator

Users can view, edit, or delete their personal data at any time (except usernames). Website administrators can also manage this data.

10. Your Rights Under GDPR

You have the right to:

Request access to your personal data
Request correction of inaccurate data
Request deletion of your personal data
Request a copy (data export) of your personal data
Object to or restrict certain processing

These rights do not apply to data we must retain for legal, administrative, or security purposes.

11. Where Your Data Is Sent

Visitor comments may be checked through automated spam detection services.

12. Data Deletion Requests

If you wish to have your personal data deleted, please email:

mattias [at] brama [dot] se
Subject line: “Please delete my personal data”

This ensures the request is legitimate and processed correctly.

13. Updates to This Policy

This Privacy Policy may be updated from time to time to reflect legal or operational changes. The latest version will always be available on this page.

14. Contact

If you have questions about this Privacy Policy or how your data is handled, please contact:

Mattias Brännholm
CEO
Brama