Last Updated 12/22/2022.

1. Introduction

1.1 Overview. This Government Authority Data Request Policy (Policy) as established by Object Studio LLC, a Texas limited liability company (Object Studio), sets out the procedures for responding to personal information (collectively, Personal Data) requests (collectively, Data Requests) received from law enforcement or other government authorities (collectively, Authorities) to disclose personal information held or processed by Object Studio on behalf of its clients (collectively, Clients). This Policy is intended to serve solely as an informational resource and does not create any obligation or waive any objection concerning how Object Studio will respond to any particular Data Request. Please review this Policy before submitting a Data Request to Object Studio.

1.2 Assessment; Costs. Upon Object Studio’s receipt of a Data Request, Object Studio will evaluate such Data Request in accordance with this Policy. Object Studio reserves the right to reject or appeal any Data Request, where available, and shall not disclose the requested Personal Data until required to do so under this Policy or applicable law or regulation. Object Studio reserves the right to seek reimbursement for the costs associated with responding to any Authority’s Data Request, where appropriate, from the Authority and/or its applicable Client(s).

2. Data Requests

2.1 Submission; Legal Process Requirements. Authorities shall submit Data Requests to Object Studio at: operations@objectstudio.co.

Each Data Request must: (a) be served by appropriate legal process, such as a subpoena, court order, or a warrant, in accordance with applicable law or regulation; and (b) specifically detail the Personal Data sought. Object Studio objects to any Data Request where production is prohibited or where the process served is insufficient to compel production of the requested Personal Data under the Electronic Communications Privacy Act (18 U.S.C. § 2701 et seq.) or other applicable law or regulation.

2.2 Limitations on Disclosure. To the fullest extent permitted by applicable law, and upon receipt of a Data Request, Object Studio reserve the right to: (a) reject, fight or quash such Data Request; (b) provide the applicable Client(s) or subjects of such Personal Data with reasonable notice of the Data Request in order to give them the opportunity to seek a protective order or other appropriate remedy; (c) redirect the requesting Authority to request the Personal Data in the Data Request from the applicable Client directly; and (d) if ultimately required to disclose the Personal Data in question to the Authority, limit the disclosure to the minimum amount legally necessary to comply with the Data Request. In the event that Object Studio is contractually prohibited from making any such disclosure in a Data Request, Object Studio may legally challenge such Data Request and seek any applicable waiver.

2.3 Consultation with Authorities. Upon receipt of a Data Request, Object Studio may consult with applicable data protection authorities (and, where it processes the personal information in question) to address the Data Request.

3.  Notice of a Data Request

3.1 Notice to the Client; Assistance. As mentioned, if a Data Request concerns Personal Data for which a Client is the controller, Object Studio will ordinarily ask the Authority to make the Data Request directly to the relevant Client. If the Authority agrees, Object Studio will support the Client in accordance with the terms of its contract with Object Studio, or as agreed upon by the parties, to respond to the Data Request, and if applicable, with legal assistance to contest the Data Request. Should this not be possible, Object Studio may notify and provide the Client with the details of the Data Request prior to disclosing any Personal Data.

3.2 Notice of Incompatible European Compliance. If Object Studio have reason to believe that a Data Request is incompatible with European data protection requirements and conflicts with Object Studio’s existing contractual commitments to its applicable Client(s), Object Studio will notify such Customer(s) of its inability to comply with European data protection laws, and the Client(s) will have the right to immediately suspend any further processing of personal information and/or terminate their agreement(s) with Object Studio.

3.3 Notice to Competent Data Protection Authorities. If the Authority to whom a Data Request is made is in a country that does not provide an adequate level of protection for requested Personal Data in accordance with applicable data protection laws, Object Studio reserves the right to reject the Data Request, and may notify and consult with competent data protection authorities concerning the same.

4. Amendments

4.1 Amendments. Object Studio will review and, if necessary, amend this Policy to address changing data privacy regulations and risk environments associated with any Personal Data under its control.