Privacy Policy

Effective from: 5 February 2026
Last updated: 10 April 2026

This Privacy Policy explains how Kapibara Social (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website, contact us, work with us as a client, apply to work as a freelancer, or interact with us through communication channels.

We are committed to protecting your privacy and handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, Regulation (EU) 2016/679 (General Data Protection Regulation).

1. Who we are

For data protection inquiries, contact:
Email: privacy@kapibarasocial.com
Address: Kapibara Social, 124 City Road, London, EC1V 2NX.

Kapibara Social is operated by Marcel Obst, a UK-based sole trader providing video editing and post-production services.

2. Personal data we collect

We process personal data only where we have a lawful basis to do so under applicable data protection law, including the UK GDPR and, where applicable, the EU GDPR. The primary bases are:

  • Performance of a contract – for providing services to clients and managing freelancer relationships.
  • Legal obligation – for compliance with tax, accounting, or recordkeeping requirements.
  • Legitimate interests – for responding to enquiries, maintaining business relationships, preventing fraud and misuse, improving our services, and managing the security of our systems, provided those interests are not overridden by individuals’ rights and freedoms.
  • Consent – where required (for example, when retaining contact details for marketing updates or testimonials).

Client and prospective client data
We process personal data provided by clients and prospective clients in the context of a contractual or pre-contractual relationship, or as a result of a request for information. This includes information you submit through our website contact form, such as your name, email address, and enquiry details.

This data may include identification and contact details, professional or business information, billing and payment information, as well as communications relating to the services provided or requested. Such data is processed for the purposes of managing the business relationship, delivering the contracted services, responding to enquiries, carrying out administrative tasks, and complying with applicable legal obligations.

From freelancers & applicants:
Personal and professional information provided as part of an application or working relationship, including contact details, location, professional background, skills, experience, availability, rates, portfolio or sample work, and any information required to assess suitability, manage engagements, meet contractual obligations, and comply with legal or tax requirements. We also process communications and correspondence exchanged in the course of applications, onboarding, and ongoing collaboration, using communication tools and platforms appropriate to the work.

From individuals appearing in client-provided video/audio:
Personal data that may be contained within media files submitted by clients for editing or review. We do not collect this data directly, it is contained within content provided to us by clients. We process such data solely on the client’s instructions and for the purposes of delivering the requested services. Clients are responsible for ensuring that any personal data included in submitted content is lawfully obtained and that any required consents or legal bases are in place before providing the content to us.

3. How we use your data

We use personal data to respond to enquiries, provide and manage our services, deliver and review client work, manage freelancer relationships, process payments, comply with legal and tax obligations, and maintain the security of our systems.

Each use of personal data is based on one or more lawful grounds described in Section 2, mainly contract performance, legal obligations, or our legitimate interests in running and improving our business. Where we send marketing or service update communications, we do so either with your consent or, for existing clients, on the basis of our legitimate interests in communicating about similar services, in accordance with applicable law. You may opt out of marketing communications at any time by contacting us or using the unsubscribe option in any such communication. Where processing is based on consent, you may withdraw it at any time.

4. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this policy, including the duration of any active client or working relationship, compliance with legal or tax obligations, and resolution of disputes. This applies to all individuals whose data we process, including clients, collaborators, and contacts. We periodically review the data we hold and securely delete or anonymise data that is no longer needed.

5. Who we share your data with

We use trusted third-party providers to support our operations, including hosting, communications, project management, file storage, payments, and accounting. These providers act either as data processors (processing information on our behalf) or, as independent data controllers under their own terms and privacy policies.

These providers include, by category: cloud storage and file delivery services; email, calendar, and productivity tools; website hosting and content management systems; website analytics tools that collect only anonymised and aggregated data; payment processors; video editing and production software; AI-assisted editing and workflow tools; project and workflow management platforms; and communication and collaboration tools including messaging and social media platforms. We seek to work with providers that implement appropriate security measures and, where possible, demonstrate compliance with applicable data protection law. Where a provider does not fully meet these standards, we apply additional measures to minimise the personal data processed through that system and keep the arrangement under review. Where personal data is transferred outside the UK or EEA, we rely on standard contractual clauses, adequacy decisions, or equivalent safeguards.

Where clients or prospective clients contact us via third-party messaging or social media platforms such as WhatsApp, Instagram, LinkedIn, or similar services, those platforms operate as independent data controllers under their own terms and privacy policies. We receive and handle communications sent via these channels in accordance with this policy, but we do not control how those platforms process data in transit. We recommend avoiding sharing sensitive personal data via social messaging platforms where possible.

We do not store or process full payment card or bank details; these are handled directly and securely by our payment partners.

6. Cookies & analytics

Our website does not use tracking cookies or collect personal information. We use privacy-friendly analytics that gather only aggregated, anonymised data such as page views and device type, to understand website usage and improve our content.

7. Special category data

When clients provide media files or other content containing personal data, we process it solely to deliver the requested services and only on the client’s instructions. We do not collect this data directly, it is contained within content provided to us by clients. Clients are responsible for ensuring any required consents or lawful bases are in place before sharing such content. We treat all media as confidential and restrict access to authorised team members involved in the project.

8. Data security

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or misuse.

Access is limited to authorised personnel and service providers who need it to perform their work. While no system is completely secure, we regularly review our practices to ensure a reasonable level of protection in line with data protection law.

9. Data breaches

If a personal data breach occurs that may risk individuals’ rights or freedoms, we will act promptly in line with data protection law. This includes documenting the breach and our response, and notifying affected individuals where required.

Where required by law, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a breach. Where a breach affects personal data relating to individuals based in the European Union, we will also notify the relevant EU supervisory authority where required by applicable law.

10. Your rights

Under UK data protection law, you have the right to access, correct, delete, or restrict your personal data, to object to certain processing, and to request data portability.

To exercise these rights, contact us using the details in Section 1. You also have the right to lodge a complaint with the ICO. If you are based in the European Union, you may also lodge a complaint with your national data protection supervisory authority.

We will respond to all data subject requests within one calendar month of receipt, in accordance with applicable law.

11. Children’s data

Our services are not directed to children under 18, and we do not knowingly collect their data. If children appear in client-provided content, it is the client’s responsibility to ensure parental consent and lawful processing before submission.

12. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted here with an updated ‘last updated’ date, and significant updates will be communicated to you directly where appropriate.

Questions? Contact us using the details in section 1.

WhatsApp