REELIUM DATA PROTECTION AND PRIVACY NOTICE
Effective Date: October 23, 2025
This Privacy Policy (“Policy”) describes how BDH ApS, a Danish private limited company with registered office in Denmark (“Company,” “we,” “us,” or “our”), collects, uses, processes, discloses, and protects information in connection with the Reelium software plugin (“Software” or “Plugin”) available at www.reelium.io (“Website”).
This Policy applies to all users of the Software, including purchasers of licenses, free version users, and administrators of WordPress installations on which the Software is deployed (collectively, “you,” “your,” or “User”).
1.1 This Policy applies to all personal data and information collected through:
(a) The Website (www.reelium.io);
(b) The purchase and licensing process;
(c) The Software itself, including both Free and Pro versions;
(d) Customer support communications and interactions.
1.2 This Policy does not apply to:
(a) Third-party websites, services, or applications, even if accessible through links on our Website or referenced in the Software;
(b) Data processing conducted by Users through their own WordPress installations, for which Users act as independent data controllers;
(c) Employment or business-to-business relationships with Company.
1.3 By using the Software or Website, you acknowledge that you have read, understood, and consent to the data processing practices described herein.
2.1 “Personal Data” means any information relating to an identified or identifiable natural person as defined under applicable data protection laws.
2.2 “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
2.3 “Data Controller” means the entity that determines the purposes and means of Processing Personal Data.
2.4 “Data Processor” means an entity that Processes Personal Data on behalf of a Data Controller.
2.5 “Data Subject” means an identified or identifiable natural person whose Personal Data is Processed.
2.6 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data.
3.1 For the purposes of data protection laws, BDH ApS acts as the Data Controller for:
(a) License and account information collected during purchase;
(b) License validation data transmitted during Software activation;
(c) Support communications and inquiries.
3.2 Users of the Software act as independent Data Controllers for any analytics data or visitor information collected through their WordPress installations.
3.3 Company contact information:
BDH ApS
Email: privacy@reelium.io
Website: www.reelium.io/privacy
In connection with the purchase and licensing of the Pro Version, Company collects the following Personal Data:
(a) Email address for license delivery, account management, and customer communications;
(b) Full name for billing and invoicing purposes;
(c) License Key, a unique identifier generated and associated with your purchase;
(d) WordPress site URL to which the License will be activated.
4.2 Payment processing information is collected and processed exclusively by Stripe, Inc., an independent third-party payment processor. Company does not collect, store, or have access to complete payment card information.
Upon License activation and during periodic validation checks, the Software transmits the following technical information to Company’s servers:
(a) WordPress installation URL;
(b) Software version number;
(c) PHP version installed on the server;
(d) WordPress core version;
(e) Server environment information necessary for compatibility verification and technical support.
The Pro Version of the Software collects anonymized, aggregated analytics data regarding video content performance on User’s WordPress installation, including but not limited to:
(a) Video view counts and impressions;
(b) Video watch duration and completion rates;
(c) Click-through rates on call-to-action elements;
(d) Device type classifications (mobile, tablet, desktop);
(e) Page-level performance metrics.
Critical Notice: Analytics data is stored exclusively within User’s WordPress database. Company does not collect, access, transmit, or store this analytics data on its servers. User maintains complete control and ownership of all analytics data.
When Users contact Company for technical support or customer service, Company collects:
(a) Email address and name;
(b) Content of support inquiries and correspondence;
(c) Technical information voluntarily provided by User to facilitate issue resolution;
(d) Any additional information User chooses to disclose.
Company may collect non-personally identifiable information about Website visitors through standard web server logs and analytics tools, including:
(a) IP addresses (anonymized where required);
(b) Browser type and version;
(c) Operating system;
(d) Referring URLs;
(e) Pages accessed and time spent on pages.
Company Processes Personal Data for the following purposes:
(a) License Fulfillment: To deliver License Keys, validate License activations, process renewals, and enforce License terms;
(b) Customer Support: To respond to inquiries, troubleshoot technical issues, and provide assistance;
(c) Service Improvement: To identify compatibility issues, prioritize feature development, and resolve software defects;
(d) Essential Communications: To send License expiration notices, critical security updates, and important Software announcements;
(e) Legal Compliance: To comply with applicable laws, regulations, and legal processes;
(f) Fraud Prevention: To detect, prevent, and investigate fraudulent transactions or License misuse.
Where GDPR applies, Company relies on the following legal bases for Processing:
(a) Contractual Necessity (Article 6(1)(b) GDPR): Processing is necessary for the performance of the License agreement and to provide the Software and related services;
(b) Legitimate Interests (Article 6(1)(f) GDPR): Processing is necessary for Company’s legitimate business interests in improving the Software, providing customer support, and preventing fraud, provided such interests are not overridden by Data Subject’s fundamental rights;
(c) Consent (Article 6(1)(a) GDPR): For optional marketing communications or other Processing activities where consent is obtained;
(d) Legal Obligation (Article 6(1)(c) GDPR): To comply with legal requirements, including tax, accounting, and regulatory obligations.
Company adheres to the principle of data minimization, collecting only Personal Data that is adequate, relevant, and limited to what is necessary for the specified purposes.
Company may share Personal Data with the following categories of third-party service providers who Process data on Company’s behalf:
(a) Payment Processors: Stripe, Inc. processes payment transactions. Stripe’s privacy practices are governed by its privacy policy available at https://stripe.com/privacy. Company does not store complete payment card information.
(b) Hosting and Infrastructure Providers: Services that host Company’s servers, databases, and Website infrastructure.
(c) Email Service Providers: Services used to deliver transactional emails, support communications, and essential notifications.
6.2 All third-party service providers are contractually obligated to maintain appropriate security measures and to Process Personal Data only in accordance with Company’s instructions and applicable data protection laws.
Company does not sell, rent, lease, or otherwise monetize Personal Data to third parties for their own marketing or commercial purposes.
Company may disclose Personal Data when required to do so:
(a) To comply with applicable laws, regulations, legal processes, or enforceable governmental requests;
(b) To enforce Company’s Terms of Service or other agreements;
(c) To detect, prevent, or address fraud, security, or technical issues;
(d) To protect against harm to the rights, property, or safety of Company, Users, or the public as required or permitted by law.
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of Company’s assets, Personal Data may be transferred to the successor entity, provided such entity agrees to honor the terms of this Policy.
(a) License Data: Stored on Company’s secure servers located in the European Union or with third-party service providers compliant with applicable data protection standards;
(b) Payment Data: Processed and stored by Stripe, Inc. in accordance with Payment Card Industry Data Security Standard (PCI-DSS) requirements;
(c) Analytics Data: Stored exclusively within User’s WordPress database under User’s control. Company does not maintain copies of analytics data.
Company implements appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction, including:
(a) Encryption of data in transit using Transport Layer Security (TLS) protocols;
(b) Secure API endpoints for License validation;
(c) Access controls and authentication mechanisms;
(d) Regular security assessments and updates;
(e) Employee training on data protection practices.
7.3 Notwithstanding these measures, no method of electronic transmission or storage is completely secure. Company cannot guarantee absolute security of Personal Data.
Company retains Personal Data for the following periods:
(a) Active Licenses: Data retained for the duration of the active License period and as long as the account remains active;
(b) Expired Licenses: Data retained for twenty-four (24) months following License expiration to facilitate potential renewals and provide historical support;
(c) Support Communications: Retained for twelve (12) months from the date of the last communication;
(d) Analytics Data: Retention controlled entirely by User through WordPress database management;
(e) Legal Retention: Data may be retained longer where required by applicable law or to establish, exercise, or defend legal claims.
7.5 Upon expiration of the applicable retention period, Personal Data will be securely deleted or anonymized.
If you are located in the European Union or European Economic Area, you have the following rights:
(a) Right of Access (Article 15): The right to obtain confirmation of whether Personal Data is being Processed and to access such data;
(b) Right to Rectification (Article 16): The right to request correction of inaccurate or incomplete Personal Data;
(c) Right to Erasure (Article 17): The right to request deletion of Personal Data (“right to be forgotten”) under certain circumstances;
(d) Right to Restriction of Processing (Article 18): The right to request limitation of Processing under certain conditions;
(e) Right to Data Portability (Article 20): The right to receive Personal Data in a structured, commonly used, machine-readable format and to transfer such data to another controller;
(f) Right to Object (Article 21): The right to object to Processing based on legitimate interests or for direct marketing purposes;
(g) Right to Withdraw Consent (Article 7): Where Processing is based on consent, the right to withdraw such consent at any time;
(h) Right to Lodge a Complaint: The right to file a complaint with a supervisory authority if you believe your data protection rights have been violated.
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
(a) Right to Know: The right to request disclosure of the categories and specific pieces of Personal Data collected, the purposes for collection, and categories of third parties with whom Personal Data is shared;
(b) Right to Delete: The right to request deletion of Personal Data, subject to certain exceptions;
(c) Right to Opt-Out: The right to opt-out of the sale of Personal Data (Company does not sell Personal Data);
(d) Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising CCPA rights.
To exercise any of the above rights, please submit a request to:
Email: privacy@reelium.io
8.4 Company will respond to verified requests within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA).
8.5 Company may require additional information to verify your identity before processing requests involving access to or deletion of Personal Data.
8.6 Certain rights may be subject to legal limitations or exceptions. Company will explain any limitations when responding to your request.
9.1 Personal Data may be transferred to, stored in, and Processed in countries outside your country of residence, including Denmark and other jurisdictions where Company’s service providers are located.
9.2 When transferring Personal Data from the European Union or European Economic Area to countries that do not provide an adequate level of data protection as determined by the European Commission, Company relies on appropriate safeguards, including:
(a) Standard Contractual Clauses approved by the European Commission;
(b) Adequacy decisions issued by the European Commission;
(c) Other legally recognized transfer mechanisms.
9.3 By using the Software, you acknowledge and consent to such international transfers of Personal Data.
10.1 The Software itself does not deploy cookies, web beacons, or similar tracking technologies within User’s WordPress installation.
10.2 The Website may use cookies and similar technologies for functional and analytical purposes. Users can control cookie preferences through browser settings.
10.3 Analytics data collected by the Pro Version is processed server-side without the use of browser cookies or client-side tracking scripts.
10.4 Users implementing the Software on their WordPress installations are responsible for maintaining their own cookie policies and obtaining necessary consents from their website visitors.
11.1 The Software and services are not directed to, and Company does not knowingly collect Personal Data from, individuals under the age of sixteen (16) years.
11.2 If Company becomes aware that Personal Data has been collected from a child under 16 without verifiable parental consent, Company will take steps to delete such information promptly.
11.3 If you believe Company has inadvertently collected information from a child under 16, please contact privacy@reelium.io immediately.
12.1 Users who implement the Software on their WordPress installations acknowledge and agree that:
(a) Users act as independent Data Controllers for any analytics data or visitor information collected through their installations;
(b) Users are solely responsible for compliance with applicable data protection laws in their jurisdictions;
(c) Users must maintain appropriate privacy policies on their websites informing visitors of data collection practices;
(d) Users must obtain all necessary consents from website visitors where required by law;
(e) Users are responsible for implementing appropriate security measures to protect their WordPress installations and databases.
12.2 Company recommends that Users include the following disclosures in their website privacy policies when using the Pro Version:
(a) Collection of anonymized video analytics data;
(b) Purpose of data collection (e.g., improving user experience);
(c) Local storage of data without transmission to external parties.
13.1 In the event of a data breach affecting Personal Data, Company will:
(a) Conduct a prompt investigation to determine the nature and scope of the breach;
(b) Notify affected Data Subjects without undue delay and, where required by GDPR, within seventy-two (72) hours of becoming aware of the breach;
(c) Notify relevant supervisory authorities as required by applicable law;
(d) Provide affected individuals with information about the breach, including the categories of data affected, likely consequences, and measures taken or proposed to address the breach.
13.2 Notifications will be made via email to the address associated with the affected account.
14.1 Company reserves the right to modify this Policy at any time to reflect changes in legal requirements, business practices, or Software functionality.
14.2 Material changes to this Policy will be:
(a) Posted on the Website with an updated “Effective Date”;
(b) Communicated to active Pro Version License holders via email;
(c) Effective immediately upon posting unless otherwise specified.
14.3 Continued use of the Software or Website following the posting of changes constitutes acceptance of the modified Policy.
14.4 Users are encouraged to review this Policy periodically to stay informed of data protection practices.
15.1 If you are located in the European Union or European Economic Area and believe Company has violated your data protection rights, you have the right to lodge a complaint with your local supervisory authority.
15.2 Company encourages Data Subjects to contact privacy@reelium.io first to resolve concerns informally.
15.3 Company will investigate all complaints and respond within thirty (30) days.
16.1 Some web browsers incorporate “Do Not Track” features. Currently, no uniform standard exists for recognizing and implementing Do Not Track signals.
16.2 The Website does not respond to Do Not Track signals at this time. Company will update this Policy if and when a universal standard is established.
17.1 The Website and Software may contain links to third-party websites, services, or resources not operated by Company.
17.2 Company has no control over and assumes no responsibility for the content, privacy policies, or practices of third-party websites or services.
17.3 Users are encouraged to review the privacy policies of any third-party websites or services before providing Personal Data.
18.1 Company will send transactional and administrative communications necessary for License management, including renewal notices and critical security updates. These communications cannot be opted out of while maintaining an active License.
18.2 Company may, with User consent, send promotional or marketing communications. Users may opt out of such communications at any time by:
(a) Clicking the “unsubscribe” link in marketing emails;
(b) Contacting support@reelium.io with an opt-out request.
18.3 Opt-out requests will be processed within ten (10) business days.
For questions, concerns, or requests regarding this Privacy Policy or Company’s data processing practices, please contact:
BDH ApS
Privacy Officer
Email: privacy@reelium.io
Support: support@reelium.io
Website: www.reelium.io/privacy
19.1 Company will respond to all privacy-related inquiries within thirty (30) days.
20.1 This Policy is written in English. Any translations are provided for convenience only. In the event of any conflict between the English version and any translation, the English version shall prevail.
20.2 Headings and section titles are for reference purposes only and do not limit or affect the interpretation of this Policy.
21.1 This Policy shall be governed by and construed in accordance with the laws of Denmark, to the extent not in conflict with applicable data protection regulations including GDPR.
21.2 For Data Subjects in the European Union or European Economic Area, GDPR shall take precedence to the extent of any conflict with Danish law.
BY USING THE SOFTWARE OR WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, PROCESSING, AND USE OF YOUR PERSONAL DATA AS DESCRIBED HEREIN, TO THE EXTENT SUCH CONSENT IS REQUIRED UNDER APPLICABLE LAW.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, YOU MUST DISCONTINUE USE OF THE SOFTWARE AND WEBSITE IMMEDIATELY.
END OF PRIVACY POLICY
