Last Updated: March 13, 2023
1. Scope; Key Terms
2. Categories of Personal Information
Zenfolio collects personal information in order to provide our Site, comply with our legal obligations, promote our business interests, and for the other reasons set forth in this Privacy Notice. WHEN YOU DO NOT PROVIDE PERSONAL INFORMATION TO ZENFOLIO, WE MAY NOT BE ABLE TO PROVIDE YOU OUR SERVICES OR SATISFY ITS INTENDED PURPOSE (SEE BELOW). Generally, we collect the following types and categories of personal information during our business operations and for the following purposes:
|Category||Examples||Purpose of Processing|
|Registration information||NameAddressEmailPhone numberUsernamePassword||To provide our Services and communicate with subscribers|
|Photographer financial information||Credit Card numberSSNBank details||To provide our Services, to process transactions for our Services and for our photographer subscribers|
|Customer transaction information||NameEmailPhone numberShipping addressPayment information||To provide our Services, to enable ecommerce transactions, to fulfill orders, and to communicate with customers|
|Photobooker and Photoshoot information||IP addressLocationNameEmailPhone||To provide our Services and to enable our photoshoot scheduling|
|Technical data (See more information below)||IP AddressCookiesSocial media contact information||To provide our Services, to enable logon sessions, to learn more about our visitors, and to improve our Services|
|Support information||NameEmailPhone number||To provide our Services and to provide support to our photographer subscribers and to customers|
|Commercial information||Records of the services you purchased, obtained, or considered, or your other purchasing or consuming histories or tendencies with respect to our services||For our own recordkeeping purposes, for legal compliance and defend our interests, and to understand your preferences.|
|Business contact data||NameEmployerEmployer addressEmailPhone number||To contact employees and contractors of third parties with whom we conduct, or possibly will conduct, business activities|
|Marketing and communications data||NameEmailPhone number||To comply with your marketing preferences to receive, or not receive our marketing materials, and to contact you about our Services|
|Your feedback||NameInformation you provide about the Site or our Services||To improve our Services and to offer you an opportunity to provide your feedback|
|Employment applicants||NameResuméEmployment historyEducationCriminal backgroundCredit history||To review and process applications for individuals seeking employment with Zenfolio|
|Sensitive personal information||Information about images uploaded by photographers, which may include facial recognition data. Photographers, not Zenfolio, control the use of facial recognition tools and the identification of facial recognition data to a name or identity of an individual.||For sorting or organizing photographs in a gallery.|
We will not collect additional categories of personal information from you or use it differently than as described herein, unless we provide you with advance notice and obtain your consent.
3. Technical Data
When you access the Site, we collect certain data automatically using technical means and tools. This data relates to your device, and your experience on the Site and other websites, including the following:
Usage and Device Data. When you access and use the Site, we automatically collect details of your access to and use of the Site, including traffic data, usage logs and other communication data, and the resources that you access and use on or through the Site (e.g., browsing history, search history). We may also collect information about your device and internet connection, including the device’s unique identifier (e.g., device type, IMEI, Wi-Fi MAC, IP address), operating system, browser type, and mobile network information. The Site may collect “diagnostic” data related to your use of the Site, such as crash data and logs, performance data (e.g., launch time, hang rate, or energy use), and any other data collected for the purposes of measuring technical diagnostics.
Video Information Disclosure Consent Form
Zenfolio, Inc. (the “Company”, “we”, or “us”) owns, licenses, and/or operates certain websites (each a “Site”) that may, from time to time, display live or prerecorded videos or similar audio visual materials (“Videos”). By requesting access to, or otherwise accessing, any such Video(s), you hereby acknowledge, agree, and consent to the following:
- Disclosure. We may, in our sole discretion, disclose personal information that we collect from you with respect to you requesting access to, and/or accessing, Videos to our partners, affiliates, and service providers, such as social media partners, to assist with the operability and functionality of our Site, to help us assess and improve our Site, products, and services, and to facilitate or assist with our marketing and advertising campaigns.
4. Facial Recognition
Please note that photographers may elect to make it easier for their customers to identify or sort photographs in their photo galleries by implementing facial recognition tools we make available through our services. The facial recognition tools may be used to capture and process biometric data (e.g., scans of facial geometry) with respect to individuals in the images. While Zenfolio may host such facial recognition data to enable photographers to identify and organize their images, the photographers have, in their sole discretion, control of identifying any facial recognition data to a name or identity and are solely responsible for doing so. Zenfolio only uses that data as implemented by photographers, and does not sell that data or use it for any other purpose. Further, Zenfolio does not have any independent method to be able to identify or verify any individual based on that facial recognition data. Zenfolio retains facial recognition data so long as the photographer utilizes those features. Accordingly, requests pertaining to such data have to be resolved by the applicable photographer as they are the “data controller” over such information. Notwithstanding the foregoing, Zenfolio has implemented commercially reasonable protocols to safeguard and, when appropriate, to permanently delete or dispose of images and photographs subject to the facial recognition features. More specifically, Zenfolio will delete images subject to the facial recognition features from its custody or control when it has been more than three (3) years since the last interaction by an applicable photographer with Zenfolio. Zenfolio will disclose and disseminate images subject to the facial recognition features to third parties in accordance with the data sharing and third party disclosure terms and conditions set forth the agreements (i.e., the Terms of Service) between Zenfolio and the applicable photographer/data controller. INDIVIDUALS WHO ARE RESIDENTS OF, OR WHO OTHERWISE ARE LOCATED IN THE STATE OF ILLINOIS (UNITED STATES), ARE PROHIBITED FROM USING, OR BEING SUBJECT TO, ZENFOLIO’S FACIAL RECOGNITION FEATURES.
5. Sources of Information
We collect the personal information identified herein directly from when you engage with us directly, through automated means when you are using the Site, and from third parties. More specifically, we collect personal information from the following sources:
First Party / Direct Collection. We collect personal information directly from you when you use our services or otherwise directly engage with us (e.g., account registration, completing purchases, signing-up for subscriptions, when you visit our offices or premises or otherwise contact us).
Automated Collection. As described above, we may collect information and data, such as usage data and cookies, through automated means when you use the Site (see “Technical Data” above).
Third-Party Sources. We collect personal information from third parties, such as publicly available databases, social networking providers, advertising companies, our service providers, and third-party references.
6. How We Use your Information
We may use the personal information we collect about you in order to provide the Site, comply with our legal obligations, and promote our business interests, including to (i) provide, operate, maintain, improve, and promote our services, (ii) enable you to access and use the Site, (iii) process and complete transactions, and send you related information, including purchase confirmations and invoices, (iv) send transactional messages (e.g., responses to your comments, questions, and requests) and provide customer service and support for our services, (v) furnish technical notices, updates, security alerts, and support and administrative messages to you, (vi) provide you promotional and marketing communications (e.g., information about our services, features, surveys, newsletters, offers, promotions, contests, and events), (vii) process and deliver contest or sweepstakes entries and rewards, (viii) monitor and analyze trends, usage, and activities in connection with our services to promote our business interests (e.g., marketing), (ix) investigate and prevent fraudulent transactions, unauthorized access to or use of the Site or our services, and other illegal activities, and (x) personalize the Site and our advertising, including providing features or advertisements that match your interests and preferences. Notwithstanding the foregoing, Zenfolio may collect and use your personal information for any other purpose for which we obtain your consent. For the avoidance of doubt, you hereby agree that Zenfolio may contact you via any means, including SMS/text message and email, to furnish you information regarding a product order, shipping status, warranty-related information, and similar data and information pertaining to a commercial transaction.
7. Sharing Information / Third-Party Disclosures
We may share your personal information with certain organizations and third parties in accordance with applicable law, including as set out below. However, we do not share personal information with third parties that we have reason to believe use such information for their own direct marketing purposes.
Service Providers. We may share your personal information with companies that provide services on our behalf, such as hosting and analyzing the Site, conducting surveys and marketing on our behalf, processing transactions, and performing analyses to improve the quality of the Site and our services.
Payment Card Transactions. Zenfolio uses Stripe for our payment card transaction. In turn, Zenfolio does not have access to your full credit card information and does not store or disclose your full credit card information. Any personal or financial information you provide to a third party online payment system is subject to Stripe’s privacy terms.
Distributors and Business Partners. We may share your personal information with third parties that distribute our goods, products, and marketing materials.
Business Restructuring. Circumstances may arise where for strategic or other business reasons Zenfolio decides to sell, buy, divest, merge or otherwise reorganize our businesses. We may disclose your personal information to the extent reasonably necessary to proceed with the negotiation or with the completion of a merger, acquisition, divestiture or sale of all or a portion of Zenfolio’s assets.
Disclosure for Other Reasons. We may disclose personal information (i) if required by law, government order, or legal process, (ii) to protect and defend our rights or property, or (iii) in urgent circumstances, to protect the health and personal safety of any individual. In addition, Zenfolio may disclose your personal information with any third party when we believe such disclosure is necessary to defend or protect our legal, regulatory, or business interests. We may also disclose your information upon your express consent.
In the event that you facilitate a transaction with Zenfolio, or request information from or otherwise engage with us, and such activities require Zenfolio to share your personal information with a service provider or other third party, you hereby consent to such disclosure.
9. Links to Other Websites; Your Direct Third-Party Disclosures
10. Data Retention
11. Zenfolio is based in the United States and the personal information that we collect and process is retained and stored in the United States. Please be aware that the United States may not provide the same level of protection of personal information as in your country, state, or other jurisdiction of residence or nationality, and when transferred to the United States , your personal information may be accessible by, or otherwise made available to, local government authorities and officials pursuant to judicial and/or administrative orders, decrees, and demands, and/or other domestic laws, statutes, and regulations. You hereby acknowledge and agree that in order to satisfy our contractual obligations and to provide you the Services described here, we have to transfer and process your personal information in the United States.
12. We seek to protect the security of your personal information and use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. HOWEVER, NO INFORMATION SYSTEM CAN BE FULLY SECURE AND WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR PERSONAL INFORMATION. MOREOVER, WE ARE NOT RESPONSIBLE FOR THE SECURITY OF PERSONAL INFORMATION YOU TRANSMIT TO THE SITE AND/OR THE SERVICES OVER NETWORKS THAT WE DO NOT CONTROL, INCLUDING THE INTERNET AND WIRELESS NETWORKS, AND YOU PROVIDE US WITH ANY PERSONAL INFORMATION AND DATA AT YOUR OWN RISK. TO THE EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE OR OTHERWISE RESPONSIBLE FOR ANY DATA INCIDENT OR EVENT THAT MAY COMPROMISE THE CONFIDENTIALITY, INTEGRITY, OR SECURITY OF YOUR PERSONAL INFORMATION THAT IS CAUSED BY A THIRD PARTY. The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a username and password to access our Services, you are responsible for maintaining the security and confidentiality of those credentials and not revealing them to others. You must contact us immediately if you have reason to believe that your username or password to our Services has been compromised. You acknowledge and agree that we may contact you via email or other electronic communications in the event we are legally required to notify you of a data security incident or event related to your personal information.
13. No Data Collected from Children
The Site is not directed at, nor intended for use by, children. As a result, if you are under the age of eighteen (18) you are prohibited from accessing or using the Services (including the Site).
14. Publicly Posted Information; Product Reviews
The Site may provide you with the ability to submit a comment on, provide an opinion about, rate, or otherwise discuss our Services (a “Product Review”) or provide other information (“Feedback”), which may be posted to a publicly available portion of the Site. Any information or content you post in a Product Review or in your Feedback will be available to other users of the Site (and our social media platforms) and may be retrievable by third-party search engines, and third parties may also be able to download or share your Product Review and Feedback to social media websites or elsewhere. We recommend that you guard your privacy and anonymity and not upload any information in your Product Review and Feedback that you wish to remain confidential. Any third party with access to your information via the Site will be permitted to use the information in the same manner as if you submitted the information directly to that third party. Publicly posting any information on the Site is entirely voluntary on your part and we recommend you carefully consider the information you choose to make publicly available.
15. Your Responsibilities
You are permitted, and hereby agree, to only provide personal information to Zenfolio if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon a person’s data privacy rights or privileges. IF YOU PROVIDE PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO ZENFOLIO, YOU EXPRESSLY REPRESENT AND WARRANT TO ZENFOLIO THAT YOU HAVE THE FULL RIGHT AND AUTHORITY TO PROVIDE ZENFOLIO WITH SUCH PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) AND THAT ZENFOLIO’S USE AND PROCESSING OF SUCH PERSONAL INFORMATION AS SET FORTH HEREIN WILL NOT VIOLATE ANY PERSON’S RIGHTS OR PRIVILEGES, INCLUDING RIGHTS TO PRIVACY. YOU HEREBY AGREE TO FULLY AND COMPLETELY INDEMNIFY ZENFOLIO FOR ANY CLAIMS, HARM, OR DAMAGES THAT MAY ARISE FROM YOUR PROVISION OF PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO ZENFOLIO.
16. Updating/Correcting Your Information
It is important that the personal information that you provide to us is accurate and reliable. In certain circumstances, the Site may offer you the ability to directly edit your account to update and change your personal information (e.g., name, telephone number, email, shipping address) and you must do so, when such changes are warranted. If your account does not contain such features, then you must directly notify Zenfolio of any changes or updates to your personal information in accordance with the “Contact Us” section listed below.
17. Email Marketing and Your Rights
You have the right to opt-out of receiving email marketing communications from us. Generally, the email marketing communications that you receive from us will provide you an option to “unsubscribe” from receiving future email marketing communications from us. You may also unsubscribe from such email marketing by contacting us in accordance with the “Contact Us” section listed below. You hereby agree to immediately notify Zenfolio, in writing, in the event you no longer own, license, or use an email address to which you subscribed to receive email marketing from us.
18. California Privacy Rights
Data Privacy Rights. Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), California residents have additional data privacy rights, including the following:
- Access: The right to access general categories and/or the specific pieces of personal information we have collected, used, disclosed, or sold about you over the past twelve (12) months, including the sources from which the personal information was collected; the business or commercial purpose for which your personal information was collected, used, disclosed, or sold; and, the third parties with whom we have shared your personal information.
- Deletion/Erasure: The right to request that we delete/erase your personal information under certain circumstances.
- Data Portability: The right to request that Zenfolio transfers, to the extent technically feasible, personal information in certain forms and formats.
- Nondiscrimination: The right not to be subject to discrimination for asserting your rights under the CCPA.
To exercise any of the CCPA’s data privacy rights set forth herein, please contact us in accordance with the “Contact Us” section listed below. If you would prefer, you may designate an authorized agent to submit a CCPA privacy request on your behalf. An authorized agent must be registered with the California Secretary of State to conduct business in California.
Privacy Request Verification Process. If you (or your authorized agent) makes any request related to your personal information under the CCPA, Zenfolio will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. Zenfolio will, to the extent required or permitted by law, require you (or your authorized agent) to verify your request via email or other means and match at least two or three pieces of personal information we have previously collected from you before granting you access to, or erasing, specific pieces or categories of personal information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein, unless you have provided the authorized agent with power of attorney pursuant to California Probate Code §§ 4121 to 4130. None of the CCPA’s rights are absolute and are subject to legal and regulatory exceptions and exemptions. For more information about the CCPA, please see: https://oag.ca.gov/privacy/ccpa.
Opt-Out Rights / Do Not Sell My Personal Information. California residents have the right to opt-out of the sale of their personal information. Zenfolio does not sell your personal information to third parties for profit or monetary or other valuable consideration.
19. Nevada Privacy Rights
Zenfolio does not currently conduct “sales” of personal information for purposes of Nevada law. Notwithstanding the foregoing, Nevada residents may submit a request directing us to not sell personal information we maintain about them to third parties who will sell or license their information to others. If you would like to exercise this right, please contact us in accordance with the “Contact Us” section listed below.
20. European Union (EU), Switzerland, and the United Kingdom (UK)
Data Protection Rights. If you are located in the EU, Switzerland, or the UK, you have the following data protection rights:
- Right to Know: The right to know about what personal information Zenfolio collects and processes about you, including the types and categories of personal information we collect and process, the sources of such personal information, our retention criteria, with whom we share your personal information, cross-border data transfers, and how to file complaints and inquiries.
- Automated Decision Making. Zenfolio does not engage in any activity that subjects our customers, Site users, survey participants, or others to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significantly results, impacting them.
- Access Rights. You may ask us whether we process any of your personal information and, if so, receive access to such personal information. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal information concerned as well as any other information necessary for you to exercise the essence of this right.
- Rectification. You have the right to have your personal information corrected/rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal information about you and, taking into account the purposes of the processing, update any incomplete personal information, which may include the provision of a supplementary statement.
- Erasure. You have the right to have your personal information erased, which means the deletion of your personal information by us and, where possible, any other controller to whom your data has previously been disclosed. However, your right to erasure is subject to statutory limits and prerequisites (e.g., where your personal information is no longer necessary in relation to the initial purposes for which it was processed, your personal information was processed unlawfully).
- Restriction of Processing. You have the right to obtain the restriction of the processing of your personal information, which means that we suspend the processing of your personal information for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal information is contested, but we need time to verify the inaccuracy (if any) of your personal information.
- Data Portability. You have the right to request us to provide you with your personal information in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible.
- Right to Object. You have the right to object to the processing of your personal information, which means you may request us to no longer process your personal information. This only applies in case the “legitimate interests” ground (including profiling) constitutes the legal basis for processing (see below “Legal Basis for Processing”). However, at any time (and free of charge) you can object to having your personal information processed for direct marketing purposes.
- Withdrawing Consent. You also may withdraw your consent at any time if we are solely relying on your consent for the processing of your personal information. However, this will not impact our legal basis to process such personal information prior to the withdrawal of your consent.
To exercise any of these data privacy rights, please contact us, or have your designated agent contact us, in accordance with the “Contact Us” section listed below. To the extent permitted by law, we will need to verify your identity (or the identity of your agent) and ensure the authenticity of your request.
Legal Basis for Processing. We process your personal information in accordance with the legal bases set forth in law. For example, our processing of personal information (as described herein) is justified based on the following legal grounds:
- Consent. Processing is based on your consent (e.g., you register to receive our marketing materials, you voluntarily contact us).
- Legitimate Interests. Processing is necessary for our legitimate interests as set out herein (e.g., monitoring your use of the Site and your compliance with the terms and conditions governing the same, improving our Services).
- Contract Undertaking. Processing is necessary for the performance of a contract to which you are a party (e.g., you purchase or consider purchasing our Services).
- Legal Compliance. Processing is required to comply with a legal or statutory obligation (e.g., tax disclosures).
Complaints. In the event you have concerns about our data processing, you have the right to file a complaint with your data protection authority. For data protection authorities in the EU, please see here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the data protection authority in Switzerland, please contact the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html). For the data protection authority in the UK, please contact the Information Commissioner’s Office (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach a data protection authority with a complaint, and invite you to contact us in the first instance.
21. Do-Not-Track Signals
Some web browsers may transmit “do-not-track” signals to the website with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Unless otherwise required by law, we currently do not take action in response to these signals.
22. Persons with Disabilities
24. Events and Video Teleconferencing
Zenfolio hosts and uses video teleconferencing platforms to facilitate conferences, meetings, training events, and other programs. We often use online platforms that are owned and administered by a third-party service provider (e.g., Google, Zoom, WebEx, Skype for Business). Please be aware that our video teleconferencing may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third-party service providers. By participating in our events and video teleconferencing, you hereby consent to the collection and retention of any information provided therein, and you hereby consent to the recording of such activities.
25. Changes to the Policy
26. Contact Us