Skip to main content
Hamedia Agency

GDPR Compliance Statement

Last updated: October 2025

1. Introduction

This GDPR Compliance Statement outlines how Hamedia collects, uses, protects, and transfers personal data of individuals located in the European Economic Area (EEA) and the United Kingdom (UK) in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR.

While Hamedia operates from California, USA, we recognize the importance of global privacy rights and adhere to GDPR principles when offering services or handling data from EU/UK residents.

2. Who We Are

Hamedia is a creative digital agency offering services including:

  • Digital marketing strategy
  • Social media management
  • SEO
  • Branding & design
  • Virtual assistance
  • Content creation
  • Outsourcing solutions

We serve clients internationally and may process data of individuals in the EU/UK during these engagements.

3. Lawful Basis for Processing

We only process personal data when we have a valid legal basis under GDPR. These may include:

  • Consent – You have given clear permission for us to process your personal data for a specific purpose.
  • Contractual necessity – The processing is necessary to perform a contract or to take steps at your request before entering into a contract.
  • Legal obligation – The processing is necessary for compliance with a legal obligation.
  • Legitimate interests – We process data to support our business operations, provided your rights and freedoms are not overridden.

4. Types of Personal Data We Collect

We may collect and process the following categories of personal data:

CategoryExamples
Contact InformationName, email address, phone number, business name
Professional DataJob title, industry, client project info
Technical DataIP address, browser type, device ID, cookies, location
Usage DataWebsite activity, time on page, click behavior
Communication DataEmails, chat transcripts, form submissions
Payment & Billing DataBilling address, transaction history (via Stripe or others)

We do not collect sensitive data (racial or ethnic origin, biometric data, health data, etc.) unless required and consented.

5. Purpose of Data Processing

We process personal data for the following purposes:

  • To provide and manage our digital marketing and outsourcing services
  • To communicate with prospects and clients (via forms, email, or platforms)
  • To fulfill contracts and deliverables
  • For marketing (when consented)
  • To analyze and improve our website and services
  • To comply with legal obligations
  • To prevent fraud and maintain site security

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including:

  • As required by contracts
  • For legal, tax, or regulatory obligations
  • To resolve disputes or enforce our terms

After that, we securely delete or anonymize data.

7. Data Transfers Outside the EU/UK

Because Hamedia is based in the United States, data from EU/UK users is transferred internationally. We implement safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Contractual obligations with third-party processors
  • Data minimization and security protocols

We are committed to protecting transferred data and ensuring it receives equivalent protection.

8. Your GDPR Rights

If you're located in the EEA or UK, you have the right to:

  • Access – Request a copy of your personal data.
  • Rectification – Request corrections to inaccurate or incomplete data.
  • Erasure – Request deletion of your data (under certain conditions).
  • Restriction – Request to limit how we process your data.
  • Data Portability – Request to move your data to another service.
  • Objection – Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent – At any time, where processing is based on your consent.
  • Lodge a Complaint – With your local data protection authority.

📩 To exercise these rights, email us at info@hamediaagency.com. We will respond within 30 days, or as otherwise required by law.

9. Cookies & Tracking Technologies

We use cookies and similar technologies on our website. For EU/UK users, we obtain consent for non-essential cookies. You can manage preferences via our cookie banner or browser settings. Please see our Cookie Policy for full details.

10. Data Security

Hamedia implements appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These include:

  • HTTPS encryption
  • Secure login access for platforms
  • Limited employee access based on role
  • Vendor due diligence for any third-party services
  • Regular security reviews

See our Data Security Policy for more.

11. Processors & Subprocessors

We may share data with trusted service providers who help us run our business. These may include:

  • Web hosting services
  • Email and marketing automation platforms
  • Analytics providers (e.g., Google Analytics)
  • CRM platforms
  • Payment processors (e.g., Stripe)

All subprocessors are bound by strict data protection obligations.

12. Breach Notification

In the event of a data breach affecting EU/UK individuals, we will:

  • Notify the relevant data protection authority within 72 hours (if required)
  • Notify affected individuals when there is a high risk to their rights and freedoms
  • Document all breach-related activities and responses

13. Updates to This Statement

We may update this GDPR Statement from time to time to reflect changes in law or practice. We will indicate the last updated date at the top and notify users of significant changes via email or website notice.

14. Contact Information

If you have questions or concerns about our GDPR practices or how we handle your data:

Hamedia

📍 18001 Sky Park Circle J, Irvine, CA 92614

📧 info@hamediaagency.com

🌐 https://hamediaagency.com

Have Questions About Your Data?

Our team is here to help you understand your rights and how we protect your information.

Contact Us