Last Updated: November 6, 2023
California Privacy (see Section 18)
EU & UK GDPR (see Section 20)
Please note that Zenfolio is subject to the Data Protection Framework (DPF) and will process our client’s personal information in accordance with the DPF.
1. Scope; Key Terms
2. Categories of Personal Information
|Purpose of Processing
|Name; Address; Email; Phone number; Username; Password
|To provide our Services and communicate with subscribers
|Photographer financial information
|Credit Card number; SSN; Bank details
|To provide our Services, to process transactions for our Services and for our photographer-subscribers
|Customer transaction information
|Name; Email; Phone number; Shipping address; Payment information
|To provide our Services, to enable ecommerce transactions, to fulfill orders, and to communicate with customers
|Photobooker and Photoshoot information
|IP address; Location; Name; Email; Phone
|To provide our Services and to enable our photoshoot scheduling
|Technical data (See more information below)
|IP Address; Cookies; Social media contact information
|To provide our Services, to enable logon sessions, to learn more about our visitors, and to improve our Services
|Name; Email; Phone number
|To provide our Services and to provide support to our photographer-subscribers and to customers
|Records of the services you purchased, obtained, or considered, or your other purchasing or consuming histories or tendencies with respect to our services
|For our own recordkeeping purposes, for legal compliance and to defend our interests, and to understand your preferences
|Business contact data
|Name; Employer; Employer address; Email; Phone number
|To contact employees and contractors of third parties with whom we conduct, or possibly will conduct, business activities
|Marketing and communications data
|Name; Email; Phone number
|To comply with your marketing preferences to receive, or not receive, our marketing materials, and to contact you about our Services
|Name; Information you provide about the Site or our Services
|To improve our Services and to offer you an opportunity to provide your feedback
|Name; Resumé; Employment history; Education; Criminal background; Credit history
|To review and process applications for individuals seeking employment with Zenfolio
|Sensitive personal information
|Information about images uploaded by photographers, which may include facial recognition data. Photographers, not Zenfolio, control the use of facial recognition tools and the identification of facial recognition data to a name or identity of an individual.
|For sorting or organizing photographs in a gallery.
We will not collect additional categories of personal information from you or use it differently than as described herein, unless we provide you with advance notice and obtain your consent.
3. Technical Data
When you access the Site, we collect certain data automatically using technical means and tools. This data relates to your device, and your experience on the Site and other websites, including the following:
Usage and Device Data. When you access and use the Site, we automatically collect details of your access to and use of the Site, including traffic data, usage logs and other communication data, and the resources that you access and use on or through the Site (e.g., browsing history, search history). We may also collect information about your device and internet connection, including the device’s unique identifier (e.g., device type, IMEI, Wi-Fi MAC, IP address), operating system, browser type, and mobile network information. The Site may collect “diagnostic” data related to your use of the Site, such as crash data and logs, performance data (e.g., launch time, hang rate, or energy use), and any other data collected for the purposes of measuring technical diagnostics.
4. Facial Recognition
Please note that photographers may elect to make it easier for their customers to identify or sort photographs in their photo galleries by implementing facial recognition tools we make available through our services. The facial recognition tools may be used to capture and process biometric data (e.g., scans of facial geometry) with respect to individuals in the images. While Zenfolio may host such facial recognition data to enable photographers to identify and organize their images, the photographers have, in their sole discretion, control of identifying any facial recognition data to a name or identity and are solely responsible for doing so. Zenfolio only uses that data as implemented by photographers and does not sell that data or use it for any other purpose. Further, Zenfolio does not have any independent method to be able to identify or verify any individual based on that facial recognition data. Zenfolio retains facial recognition data so long as the photographer utilizes those features. Accordingly, requests pertaining to such data have to be resolved by the applicable photographer as they are the “data controller” over such information. Notwithstanding the foregoing, Zenfolio has implemented commercially reasonable protocols to safeguard and, when appropriate, to permanently delete or dispose of images and photographs subject to the facial recognition features. More specifically, Zenfolio will delete images subject to the facial recognition features from its custody or control when it has been more than three (3) years since the last interaction by an applicable photographer with Zenfolio. Zenfolio will disclose and disseminate images subject to the facial recognition features to third parties in accordance with the data sharing and third-party disclosure terms and conditions set forth the agreements (i.e., the Terms of Service) between Zenfolio and the applicable photographer/data controller. INDIVIDUALS WHO ARE RESIDENTS OF, OR WHO OTHERWISE ARE LOCATED IN THE STATE OF ILLINOIS (UNITED STATES), ARE PROHIBITED FROM USING, OR BEING SUBJECT TO, ZENFOLIO’S FACIAL RECOGNITION FEATURES.
5. Sources of Information
We collect the personal information identified herein directly from you when you engage with us directly, through automated means when you are using the Site, and from third parties. More specifically, we collect personal information from the following sources:
First Party / Direct Collection. We collect personal information directly from you when you use our services or otherwise directly engage with us (e.g., account registration, completing purchases, signing-up for subscriptions, when you visit our offices or premises or otherwise contact us).
Automated Collection. As described above, we may collect information and data, such as usage data and cookies, through automated means when you use the Site (see “Technical Data” above).
Third-Party Sources. We collect personal information from third parties, such as publicly available databases, social networking providers, advertising companies, our service providers, and third-party references.
6. How We Use your Information
We may use the personal information we collect about you in order to provide the Site, comply with our legal obligations, and promote our business interests, including to (i) provide, operate, maintain, improve, and promote our services, (ii) enable you to access and use the Site, (iii) process and complete transactions, and send you related information, including purchase confirmations and invoices, (iv) send transactional messages (e.g., responses to your comments, questions, and requests) and provide customer service and support for our services, (v) furnish technical notices, updates, security alerts, and support and administrative messages to you, (vi) provide you promotional and marketing communications (e.g., information about our services, features, surveys, newsletters, offers, promotions, contests, and events), (vii) process and deliver contest or sweepstakes entries and rewards, (viii) monitor and analyze trends, usage, and activities in connection with our services to promote our business interests (e.g., marketing), (ix) investigate and prevent fraudulent transactions, unauthorized access to or use of the Site or our services, and other illegal activities, and (x) personalize the Site and our advertising, including providing features or advertisements that match your interests and preferences. Notwithstanding the foregoing, Zenfolio may collect and use your personal information for any other purpose for which we obtain your consent. For the avoidance of doubt, you hereby agree that Zenfolio may contact you via any means, including SMS/text message and email, to furnish you information regarding a product order, shipping status, warranty-related information, and similar data and information pertaining to a commercial transaction.
7. Third-Party Disclosures
We may share your personal information with certain organizations and third parties in accordance with applicable law, including as set out below. However, we do not share personal information with third parties that we have reason to believe use such information for their own direct marketing purposes.
Service Providers. We may share your personal information with companies that provide services on our behalf, such as hosting and analyzing the Site, conducting surveys and marketing on our behalf, processing transactions, and performing analyses to improve the quality of the Site and our services.
Payment Card Transactions. Zenfolio uses Stripe for our payment card transactions. In turn, Zenfolio does not have access to your full credit card information and does not store or disclose your full credit card information. Any personal or financial information you provide to a third-party online payment system is subject to Stripe’s privacy terms.
Distributors and Business Partners. We may share your personal information with third parties that distribute our goods, products, and marketing materials.
Business Restructuring. Circumstances may arise where for strategic or other business reasons Zenfolio decides to sell, buy, divest, merge or otherwise reorganize our businesses. We may disclose your personal information to the extent reasonably necessary to proceed with the negotiation or with the completion of a merger, acquisition, divestiture or sale of all or a portion of Zenfolio’s assets.
Disclosure for Other Reasons. We may disclose personal information (i) if required by law, government order, or legal process, (ii) to protect and defend our rights or property, or (iii) in urgent circumstances, to protect the health and personal safety of any individual. In addition, Zenfolio may disclose your personal information with any third party when we believe such disclosure is necessary to defend or protect our legal, regulatory, or business interests. We may also disclose your information upon your express consent.
In the event that you facilitate a transaction with Zenfolio, or request information from or otherwise engage with us, and such activities require Zenfolio to share your personal information with a service provider or other third party, you hereby consent to such disclosure.
8. Social Media Platforms
According to the terms and conditions governing certain social media platforms, you may request that the information, data, or other content we obtain from or through the social media platform (“Platform Data”) be deleted or modified. If you would like Platform Data related to you deleted or modified, please contacts us in accordance with the “Contact Us” section below and identify (i) the social media platform at issue and (ii) the Platform Data that you would like deleted and/or modified, and if modified, the modification to said Platform Data. We may also delete Platform Data if requested by the social media platform.
9. Links to Other Websites; Your Direct Third-Party Disclosures
10. Data Retention
11. Data Transfer Framework
Zenfolio is based in the United States and the personal information that we collect and process is retained and stored in the United States.LE You hereby acknowledge and agree that in order to satisfy our contractual obligations and to provide you the Services described here, we have to transfer and process your personal information in the United States. Please note that Zenfolio is subject to the Data Protection Framework (DPF) and will process our client’s personal information in accordance with the DPF.
12. Information Security
We seek to protect the security of your personal information and use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. HOWEVER, NO INFORMATION SYSTEM CAN BE FULLY SECURE AND WE CANNOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR PERSONAL INFORMATION. MOREOVER, WE ARE NOT RESPONSIBLE FOR THE SECURITY OF PERSONAL INFORMATION YOU TRANSMIT TO THE SITE AND/OR THE SERVICES OVER NETWORKS THAT WE DO NOT CONTROL, INCLUDING THE INTERNET AND WIRELESS NETWORKS, AND YOU PROVIDE US WITH ANY PERSONAL INFORMATION AND DATA AT YOUR OWN RISK. TO THE EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE OR OTHERWISE RESPONSIBLE FOR ANY DATA INCIDENT OR EVENT THAT MAY COMPROMISE THE CONFIDENTIALITY, INTEGRITY, OR SECURITY OF YOUR PERSONAL INFORMATION THAT IS CAUSED BY A THIRD PARTY. The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a username and password to access our Services, you are responsible for maintaining the security and confidentiality of those credentials and not revealing them to others. You must contact us immediately if you have reason to believe that your username or password to our Services has been compromised. You acknowledge and agree that we may contact you via email or other electronic communications in the event we are legally required to notify you of a data security incident or event related to your personal information.
13. No Data Collected from Children
The Site is not directed at, nor intended for use by, children. As a result, if you are under the age of eighteen (18), you are prohibited from accessing or using the Services (including the Site).
14. Publicly Posted Information; Product Reviews
The Site may provide you with the ability to submit a comment on, provide an opinion about, rate, or otherwise discuss our Services (a “Product Review”) or provide other information (“Feedback”), which may be posted to a publicly available portion of the Site. Any information or content you post in a Product Review or in your Feedback will be available to other users of the Site (and our social media platforms) and may be retrievable by third-party search engines, and third parties may also be able to download or share your Product Review and Feedback to social media websites or elsewhere. We recommend that you guard your privacy and anonymity and not upload any information in your Product Review and Feedback that you wish to remain confidential. Any third party with access to your information via the Site will be permitted to use the information in the same manner as if you submitted the information directly to that third party. Publicly posting any information on the Site is entirely voluntary on your part, and we recommend you carefully consider the information you choose to make publicly available.
15. Your Responsibilities
You are permitted, and hereby agree, to only provide personal information to Zenfolio if such personal information is accurate, reliable, and relevant to our relationship and only to the extent such disclosure will not violate any applicable data protection law, statute, or regulation or infringe upon a person’s data privacy rights or privileges. IF YOU PROVIDE PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO ZENFOLIO, YOU EXPRESSLY REPRESENT AND WARRANT TO ZENFOLIO THAT YOU HAVE THE FULL RIGHT AND AUTHORITY TO PROVIDE ZENFOLIO WITH SUCH PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) AND THAT ZENFOLIO’S USE AND PROCESSING OF SUCH PERSONAL INFORMATION AS SET FORTH HEREIN WILL NOT VIOLATE ANY PERSON’S RIGHTS OR PRIVILEGES, INCLUDING RIGHTS TO PRIVACY. YOU HEREBY AGREE TO FULLY AND COMPLETELY INDEMNIFY ZENFOLIO FOR ANY CLAIMS, HARM, OR DAMAGES THAT MAY ARISE FROM YOUR PROVISION OF PERSONAL INFORMATION (INCLUDING PERSONAL INFORMATION CONCERNING A THIRD PARTY) TO ZENFOLIO.
16. Updating/Correcting Your Information
It is important that the personal information that you provide to us is accurate and reliable. In certain circumstances, the Site may offer you the ability to directly edit your account to update and change your personal information (e.g., name, telephone number, email, shipping address) and you must do so when such changes are warranted. If your account does not contain such features, then you must directly notify Zenfolio of any changes or updates to your personal information in accordance with the “Contact Us” section listed below.
17. Email Marketing and Your Rights
You have the right to opt out of receiving email marketing communications from us. Generally, the email marketing communications that you receive from us will provide you an option to “unsubscribe” from receiving future email marketing communications from us. You may also unsubscribe from such email marketing by contacting us in accordance with the “Contact Us” section listed below. You hereby agree to immediately notify Zenfolio, in writing, in the event you no longer own, license, or use an email address to which you subscribed to receive email marketing from us.
18. California Privacy Rights
Data Privacy Rights. Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), California residents are entitled to certain data privacy rights:
- Right to Know (Specific Pieces of Personal Information). You have the right to know the specific pieces of your personal information that we have collected about you.
- Right to Know (Categories of Personal Information). You have the right to know (i) the categories of personal information we have collected from you; (ii) the categories of sources from which the personal information is collected; (iii) the categories of your personal information we have sold or disclosed for a business purpose; (iv) the categories of third parties to whom your personal information was sold or disclosed for a business purpose; and (v) the business or commercial purpose for collecting or selling your personal information.
- Right to Delete. You have the right to request that we delete your personal information that we have collected and retain.
- Right to Correct. You have the right to request that we correct inaccurate personal information that we have collected and retain.
- Nondiscrimination. You have the right not to be subject to discrimination for asserting your rights under the CCPA.
Submit a Privacy Request. To submit a privacy request, you (or your authorized agent) may contact us using the “Contact Us” section below. An authorized agent must be registered with the California Secretary of State to conduct business in California.
Privacy Request Verification Process. If you (or your authorized agent) make any request related to your personal information, Zenfolio will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, Zenfolio will, to the extent required or permitted by law, require you (or your authorized agent) to verify your request via email, request certain contact information or government identifiers, and we will match at least two pieces of such personal information with data that we have previously collected from you before granting you access to, erasing, or correcting, specific pieces or categories of personal information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein, unless you have provided the authorized agent with power of attorney pursuant to California Probate Code §§ 4121 to 4130. None of the CCPA’s rights are absolute, and such rights are subject to legal and regulatory exceptions and exemptions. For more information about the CCPA, please see https://oag.ca.gov/privacy/ccpa.
Opt-Out Rights / Do Not Sell My Personal Information. California residents have the right to opt out of the “sale” of their personal information. However, Zenfolio does not sell your personal information to third parties for profit, or monetary or other valuable consideration, and therefore we do not provide opt-out request processes for the sale of personal information (because we do not undertake such activities).
Opt-Out Rights / Do Not Share My Personal Information. California residents have the right to opt out of the “sharing” of their personal information. Zenfolio uses third-party analytical and targeted advertising features on our Site and similar web tools provided by our marketing partners, and such features, tools and marketing relationships involve the disclosure of your personal information to third parties and may constitute the “sharing” of your personal information for CCPA purposes. To opt out of this sharing of your personal information in these circumstances, please click on the cookie management tool (sometimes visible as a “Your Privacy Choices” or a “Do Not Sell/Share My Personal Information” link) on the footer of the Site to set your cookie preferences. You, or your authorized agent, may also contact us in accordance with the “Contact Us” section listed below.
Children. The Site is not directed at, and should not be used by, minors under the age of sixteen (16), and therefore Zenfolio does not knowingly sell or share the personal information of minors under sixteen (16) years of age.
Limit Use of Sensitive Personal Information. Zenfolio does not use or disclose sensitive personal information for reasons other than those set forth in the CCPA, and therefore we do not provide individuals with the ability to limit how we use or disclose such sensitive personal information.
California “Shine the Light.” Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties; however, we do not disclose personal data to third parties for their direct marketing purposes.
19. Nevada Privacy Rights
Zenfolio does not currently conduct “sales” of personal information for purposes of Nevada law. Notwithstanding the foregoing, Nevada residents may submit a request directing us to not sell personal information we maintain about them to third parties who will sell or license their information to others. If you would like to exercise this right, please contact us in accordance with the “Contact Us” section listed below.
20. European Union (EU), Switzerland, and the United Kingdom (UK)
Data Protection Rights. If you are located in the EU, Switzerland, or the UK, you have the following data protection rights:
- Right to Know: The right to know about what personal information Zenfolio collects and processes about you, including the types and categories of personal information we collect and process, the sources of such personal information, our retention criteria, with whom we share your personal information, information on any cross-border data transfers, and how to file complaints and inquiries.
- Automated Decision Making. Zenfolio does not engage in any activity that subjects our customers, Site users, survey participants, or others to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significant results, impacting them.
- Access Rights. You may ask us whether we process any of your personal information and, if so, you may request to receive access to such personal information. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal information concerned as well as any other information necessary for you to exercise the essence of this right.
- Rectification. You have the right to have your personal information corrected/rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal information about you and, taking into account the purposes of the processing, update any incomplete personal information, which may include the provision of a supplementary statement.
- Erasure. You have the right to have your personal information erased, which means the deletion of your personal information by us and, where possible, any other controller to whom your data has previously been disclosed. However, your right to erasure is subject to statutory limits and prerequisites (e.g., where your personal information is no longer necessary in relation to the initial purposes for which it was processed, your personal information was processed unlawfully).
- Restriction of Processing. You have the right to obtain the restriction of the processing of your personal information, which means that we suspend the processing of your personal information for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal information is contested but we need time to verify the inaccuracy (if any) of your personal information.
- Data Portability. You have the right to request us to provide you with your personal information in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible.
- Right to Object. You have the right to object to the processing of your personal information, which means you may request us to no longer process your personal information. This only applies in case the “legitimate interests” ground (including profiling) constitutes the legal basis for processing (see below “Legal Basis for Processing”). However, at any time (and free of charge) you can object to having your personal information processed for direct marketing purposes.
- Withdrawing Consent. You also may withdraw your consent at any time if we are solely relying on your consent for the processing of your personal information. However, this will not impact our legal basis to process such personal information prior to the withdrawal of your consent.
To exercise any of these data privacy rights, please contact us, or have your designated agent contact us, in accordance with the “Contact Us” section listed below. To the extent permitted by law, we will need to verify your identity (or the identity of your agent) and ensure the authenticity of your request.
Legal Basis for Processing. We process your personal information in accordance with the legal bases set forth in law. For example, our processing of personal information (as described herein) is justified based on the following legal grounds:
- Consent. Processing is based on your consent (e.g., you register to receive our marketing materials, you voluntarily contact us).
- Legitimate Interests. Processing is necessary for our legitimate interests as set out herein (e.g., monitoring your use of the Site and your compliance with the terms and conditions governing the same, improving our Services).
- Contract Undertaking. Processing is necessary for the performance of a contract to which you are a party (e.g., you purchase or consider purchasing our Services).
- Legal Compliance. Processing is required to comply with a legal or statutory obligation (e.g., tax disclosures).
Complaints. In the event you have concerns about our data processing, you have the right to file a complaint with your data protection authority.
- For data protection authorities in the EU, please see here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
- For the data protection authority in Switzerland, please contact the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
- For the data protection authority in the UK, please contact the Information Commissioner’s Office (www.ico.org.uk).
We would, however, appreciate the opportunity to deal with your concerns before you approach a data protection authority with a complaint, and invite you to contact us in the first instance.
21. Do-Not-Track Signals
Some web browsers may transmit “do-not-track” signals to the website with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Unless otherwise required by law, we currently do not take action in response to these signals.
22. Persons with Disabilities
23. Employment Applicants
24. Events and Video Teleconferencing
Zenfolio hosts and uses video teleconferencing platforms to facilitate conferences, meetings, training events, and other programs. We often use online platforms that are owned and administered by a third-party service provider (e.g., Google, Zoom, WebEx, Skype for Business). Please be aware that our video teleconferencing may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third-party service providers. By participating in our events and video teleconferencing, you hereby consent to the collection and retention of any information provided therein, and you hereby consent to the recording of such activities.
25. Changes to the Policy