GDPR Compliance

Last updated: 8/12/2025

1. Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. This page explains how Ghibli Style complies with GDPR requirements and protects your personal data when using our AI image transformation services.

2. Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Information

You have the right to be informed about how your personal data is collected, used, and processed.

Right of Access

You have the right to request access to your personal data and receive a copy of it.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format.

Right to Object

You have the right to object to processing of your personal data for certain purposes.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for processing
  • Legitimate Interest: For improving our services and website functionality
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interest: To protect your vital interests or those of others

4. Data Processing Activities

Website Analytics

We use analytics tools to understand website usage and improve user experience. This processing is based on legitimate interest. You can opt out of analytics cookies where available.

Image Processing

Images you upload are processed by our AI algorithms to create Ghibli-style transformations. We process this data based on your consent and legitimate interest in providing the service. Images are automatically deleted after processing.

Communication

When you contact us, we process your communication data to respond to your inquiries.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Analytics data: 26 months
  • Communication records: 3 years
  • Uploaded images: Immediately deleted after processing
  • Generated images: 30 days in cache (if applicable)
  • Account data: Until account deletion
  • Legal compliance data: As required by law
  • Consent records: Until consent is withdrawn plus 3 years

6. Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes

7. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures

8. Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing our data protection strategy and ensuring GDPR compliance. You can contact our DPO at: ljs418698976@163.com

9. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: ljs418698976@163.com

Subject: GDPR Request - [Type of Request]

Response Time: Within 30 days

10. Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

11. Updates

We may update this GDPR compliance information from time to time. Any changes will be communicated through our website and other appropriate channels.