StudioNeural: Modern Privacy & Data Governance Notice

Financial Year 2026 | Published: February 2026

Compliance Frameworks: UK GDPR, EU AI Act 2026, ISO 27001:2022, SAG-AFTRA AI Provisions.

1. Introduction & Governance

StudioNeural ("we," "us," or "our") is a UK-based creative studio specialising in AI-driven VFX. We are committed to protecting the privacy and security of your personal information. In accordance with ISO 27001 compliance, we ensure the Confidentiality, Integrity, and Availability of all data through strict access controls, encryption (AES-256), and robust data lineage tracking.

2. Types of Information We Process

We collect and process personal data from various sources, including direct interactions, website usage, professional engagements, and open-source academic and/or licensable training data sets:

Identity & Contact: Name, address, phone numbers, email addresses, social media handles, date of birth, and job title.

Professional Data: Marketing preferences, expressions of interest in events, and job-related interactions.

Media Assets: Photographs and videos, including high-resolution performance capture for VFX production.

Technical Data: Diagnostics (errors, system statuses), traffic, and location information from devices used to access StudioNeural content.

AI Training Data: Synthetic or real-world datasets used to train our proprietary AI models.

3. How We Use Your Information (Legal Basis)

We process your data under the following legal frameworks:

A. Legitimate Interests

Communication: Responding to queries from the public, media, and investors.

Business Growth: Advertising, marketing, public relations, and market research.

Event Management: Coordinating and administering StudioNeural events, including capturing promotional media.

Industry Recognition: Promoting our team by listing cast/crew credits and nominating staff for awards.

Security: Monitoring service communications to improve quality and protecting our network from unauthorised access or fraud.

B. Legal & Regulatory Obligation

Compliance Monitoring: Maintaining records to demonstrate adherence to Data Protection legislation and ISO standards.

Government Requests: Responding to lawful requests from law enforcement or regulators (e.g., the UK ICO or Financial Conduct Authority).

C. Explicit Consent

Direct Marketing: Where you have opted-in to receive electronic communications.

Performance Capture: Explicit consent is required for the creation of Digital Replicas (see Section 4) and/or any use of likeness (audio or visual) data provided to StudioNeural by Clients.

4. AI & Performer Protections (EU AI Act & SAG-AFTRA)

As an AI-first studio, we implement specific safeguards for synthetic media:

Digital Replicas (SAG-AFTRA): We will never create a digital replica of a performer's likeness or voice without a separate, clear, and conspicuous concent from talent or rights holder(s).

AI Transparency (EU AI Act): All AI-generated or "deepfake" content created by StudioNeural for public social media platforms is digitally watermarked or labeled in metadata as synthetic.

High-Risk AI: Any AI systems used for biometric or performance analysis undergo a Fundamental Rights Impact Assessment (FRIA).

Artistic Exemption: We may process data for artistic purposes in the public interest (e.g., production exploitation) which may be exempt from certain GDPR requirements; however, we strive for maximum compliance in all creative workflows.

5. Sharing & International Transfers

StudioNeural operates globally, with offices in London (UK), Kathmandu (Nepal), and Bangalore (India).

Third Parties: We share data with IT providers, marketing agencies, freelancers, and travel partners. These partners must act strictly under our instructions.

International Safeguards: Transfers between the UK and our offices/partners in Nepal or India are governed by the UK International Data Transfer Agreement (IDTA) and approved Standard Contractual Clauses (SCCs) to ensure an equivalent level of protection.

6. Data Retention Schedule

We retain information only as long as necessary for the purpose it was collected in line with ISO27001 and GDPR compliance.

7. Your Data Subject Rights

Under UK GDPR and the EU AI Act, you have the right to:

Access & Correction: Request copies or corrections of your data.

Erasure & Restriction: Request we delete or limit the processing of your data.

Objection & Withdrawal: Object to processing based on legitimate interests or withdraw consent at any time.

Data Portability: Receive your data in a structured, electronic format.

Human Intervention: Right to request human review of any significant automated decisions made by AI systems.

8. Contact & Redress

If you have queries, wish to exercise your rights, or want to make a complaint, please contact:

Data Protection Officer: [email protected]

Regulatory Body: If unsatisfied, you may contact the Information Commissioner's Office (ICO) at https://ico.org.uk.