LET'S TALK

Vishnu Media – Privacy Policy & Data Processing Agreement

Privacy Policy Introduction

Last Updated: October 10, 2025
This Privacy Policy applies to influencers, clients, partner agencies, and website visitors interacting with Vishnu Media, a company established in Zurich, Switzerland.
It fulfils the transparency requirements under:

• GDPR (EU Regulation 2016/679)
• Swiss nFADP (revDSG)
• UK GDPR
• CCPA/CPRA (California)
• Other equivalent US state privacy laws

1. Who We Are (Controller Information)

Vishnu Media (“we”, “us”, “our”) acts as Data Controller, and in certain cases Data Processor, for influencer marketing, digital campaign execution, and talent management activities.

Contact for privacy matters:
[email protected]
Zurich, Switzerland

No Data Protection Officer (DPO) is legally required, but privacy inquiries are handled internally.

2. Categories of Personal Data We Collect

We collect and process the following categories of data:

A. Influencers & Talents

• Identification data (name, address, email, phone)
• Social media handles & links
• Analytics tokens / API keys
• Content files (videos, images, captions)
• Payment information
• Contracts and communication records
• Demographic data (e.g., age, gender, nationality)
• Special-category data, agreed by collaborating with Vishnu Media under the terms of this Privacy Policy, including:
  • racial or ethnic origin
  • gender identity
  • beliefs
  • lifestyle details
  • hobbies and preferences
  • public social media profile information

B. Clients

• Contact data
• Billing data
• Campaign documentation
• Contracts
• Communication records

C. Partner Agencies

• Contact information
• Influencer-related data shared for campaign execution
• Contract data

D. Website Visitors (WordPress + Google Analytics)

• IP address
• Device/browser metadata
• Referrer URLs
• Cookies and tracking identifiers
• Contact form submissions

3. Purposes of Processing

We process data for:

• Campaign execution & influencer coordination
• Communication and contract management
• Analytics & performance evaluation
• Payment processing
• CRM and business development
• Fraud prevention & security
• Website functionality and optimization
• Compliance with legal obligations

4. Legal Basis (GDPR Art. 6)

Processing is based on:

• 6(1)(b) – Contractual necessity
• 6(1)(f) – Legitimate interests (marketing coordination, fraud prevention, analytics)
• 6(1)(a) – Consent (cookies, analytics, special-category data)
• 6(1)(c) – Legal obligation (invoicing, accounting)

We do not sell personal data.

5. Data Sources (GDPR Art. 14)

When data is not collected directly, we may receive it from:

• Clients
• Partner agencies
• Public social media profiles
• Public websites
• Tools such as Google Analytics
• WordPress forms

6. Sharing & Disclosure of Data

Data may be shared with:

• Clients participating in campaigns
• Partner agencies
• Cloud providers (Google Workspace, Airtable)
• Payment processors (PayPal, Stripe, Wise)
• Hosting providers (WordPress infrastructure)
• Analytics providers (Google Analytics)
• Legal authorities when required

All subprocessors are bound by data protection agreements.

7. International Transfers

Data may be transferred internationally. Transfers are safeguarded by:

• EU Standard Contractual Clauses (SCCs)
• Swiss Addendum (revDSG)
• UK Addendum
• Adequacy decisions

8. Retention Periods

Data is kept only as long as necessary.

• Financial records: 10 years (Swiss law)
• Contractual data: duration of the relationship + statutory limits
• Analytics data (GA4): Google-defined retention periods

Data may be anonymized when possible.

9. Rights of Data Subjects

EU, CH, UK, and US users may request:

• Access
• Correction
• Deletion
• Restriction
• Objection
• Data portability
• Withdrawal of consent

US (CPRA/CCPA) includes the right to:

• Know personal data categories sold/shared (we do not share for cross-context advertising)
• Non-discrimination
• Limit use of sensitive data

Requests: [email protected]

10. Automated Decision-Making & Profiling

We may conduct non-automated profiling related to:

• Influencer selection
• Campaign matching
• Performance analytics

No automated decisions producing legal effects are made.

11. Security Measures

We implement the following TOMs:

• Encryption
• Access controls
• Secure storage
• 2FA on tools
• Audit logging
• Endpoint protection
• Data minimization

12. Joint Controller Information (Social Media Platforms)

When you interact with Vishnu Media on social platforms, joint controllership may apply under GDPR (e.g., Facebook/Instagram Insights).
Data may be co-processed by:

• Meta Platforms Ireland Ltd.
• TikTok Technology Limited
• YouTube/Google LLC

Each platform’s privacy policy applies.

13. Cookies & Tracking Tools

We use:
Google Analytics (GA4)
Cookie banner / consent management platform (CMP)
WordPress cookies

Data processed includes:

• Device/browser data
• Usage patterns
• IP address (anonymized if enabled)

Legal basis: consent (Art. 6(1)(a)).

14. Children

We do not knowingly process data from individuals under 16 in the EU, 13 in the US, unless explicit parental consent is provided.

15. Changes to the Policy

We may update this Policy to reflect operational or legal changes.
The updated version replaces prior versions.

16. Supervisory Authorities

EU: You may lodge a complaint with your local Data Protection Authority.
CH: FDPIC – Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
UK: ICO – Information Commissioner’s Office

DATA PROCESSING AGREEMENT (DPA)

1. Parties

This DPA forms part of the commercial agreement between Vishnu Media (Processor) and the Client or Partner (Controller).

2. Subject Matter

Processing personal data for influencer campaigns, communication, coordination, payments, analytics, and reporting.

3. Duration

During the contractual relationship and as required by law.

4. Nature & Purpose of Processing

Campaign management, influencer communications, performance analytics, administration, and payment management.

5. Data Subjects

Influencers, clients, partners, staff, contractors.

6. Personal Data Categories

Identifiers, influencer data, analytics, communication logs, payment data.

7. Processor Obligations

• Follow controller instructions
• Maintain confidentiality
• Implement TOMs
• Assist with data subject requests
• Notify breaches within 72 hours
• Maintain processing records

8. Subprocessors

Controller authorizes use of subprocessors such as:
Google, Airtable, PayPal, Stripe, Wise, WordPress hosting.
A full list is available on request.

9. International Transfers

Protected by SCCs, Swiss Addendum, UK Addendum, adequacy decisions.

10. Security

Industry-standard technical and organizational measures.

11. Data Return/Deletion

At contract end or by request unless legal retention is required.

12. Audits

Controller may request audit documentation or conduct audits.

13. Liability

Liability follows applicable privacy laws and the underlying contract.

14. Governing Law

Swiss law, courts of Zurich, Switzerland.

15. Consent by Continued Engagement (Influencers, Clients & Partners)

By continuing any form of collaboration with Vishnu Media, including participation in campaigns, sharing influencer data, reviewing briefs, onboarding, using our services, or ongoing communication, you:

• acknowledge that you have access to this Privacy Policy and DPA,
• understand how your data is processed, and
• agree to the collection, use, storage, and processing of your personal data (including voluntarily provided demographic or special-category data) in accordance with this Policy.

If you do not agree, you must discontinue all collaboration and notify us immediately.

READY TO GET THE CONVERSATION

Schedule Now

Ready to get the conversation started?

CONTACT US

Tiktok

Instagram

About

Brands

Influencers

Contact

Data Privacy

Terms & Conditions

Copyright © 2025 Vishnu Media. All Rights Reserved.