Data Protection Policy

Media Stream AI Limited processes personal data lawfully, fairly, and transparently under the UK Data Protection Act 2018 and EU GDPR.

1. Scope and Principles

• Lawfulness, fairness, transparency
• Purpose limitation and data minimisation
• Accuracy and storage limitation
• Integrity and confidentiality

2. Roles and Responsibilities

MSAI acts as Data Controller; its processors include cloud and analytics vendors bound by DPAs. The DPO monitors GDPR and AI Act compliance (dpo@mediastreamai.com).

3. Security Measures

• Air-gapped GPU clusters and role-based access
• Encryption in transit and at rest
• Regular penetration testing and incident logging

4. Data Subject Rights

Requests are acknowledged within 30 days (Arts. 12–23 GDPR). Appeals may be lodged with the ICO or EU supervisory authority.

5. AI and Ethics Governance

Each AI model undergoes bias and explainability assessment aligned to EU AI Act Title III. Logs of training datasets and risk scores are maintained for 10 years.