Zenfolio Privacy Notice

Welcome to Zenfolio!

Terms of Service | Privacy Policy | Privacy Notice | Copyright Policy

Website Terms of Use | Cookie Policy | Open Source Fonts

Date of Last Revision: November 17, 2020

SOME USEFUL DATA PRIVACY FACTS FROM YOUR FRIENDS AT ZENFOLIO

We’ve provided this Privacy Notice to help you understand how Zenfolio, Inc. (“Zenfolio,” “we,” “us,” or “our”) collects and uses personally-identifiable data and, for California residents, to inform them of the categories of personal information we collect and the purposes for which the categories of personal information will be used, as required under the California Consumer Privacy Act of 2018 (“CCPA”).

For a detailed description about what data we gather and how we use it, please review our Privacy Policy, our Zenfolio Terms of Service for our online services for photographers, and our Photobooker Terms of Service for our online photographer booking service.

What does Zenfolio do?

Zenfolio offers two online platforms, one at www.zenfolio.com that allows photographers to exhibit, organize, print, sell, exchange, and share digital images, videos and related products, and the other at www.photobooker.com that allows photographers and their prospective customers to arrange photoshoots (such websites referred to collectively as the “Site” and the Site, together with the corresponding services, referred to as the “Services”).

Why does Zenfolio need personal information?

Operation of our Services necessarily requires in the collection of “personal information,” which is defined in the CCPA broadly to include data that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device.  The categories of personal information that we collect are listed below, but here are a few examples of why we need to collect personal information:

For example, in order to establish accounts for photographers at www.zenfolio.com, we need basic information about them, such as their names, addresses, phone numbers, email addresses, payment information and payout information. And in order to process orders, we collect similar information from the photographers’ customers, such as, such as name, shipping address, email address, phone number and payment information. 

As another example, when photographers and customers book photoshoots through photobooker.com, we collect their contact information, including names, email addresses, phone and numbers, in order to maintain the scheduling information for the photoshoot and to enable communications between the photographer and the customer.

We only collect personal information from you when you use our Services or interact with our customer support personnel.  We don’t collect any personal information from any other source. 

Also, we don’t sell your personal information.  We use it only to enable the Services.  Please note that we cannot provide the Services if you don’t allow us to use your personal information, so if you don’t like that your personal information will be used for that purpose, we can’t provide Services to you. By user our Services, you are expressly consenting to our use of your personal information for that purpose. 

What categories of personal information does Zenfolio collect?

Below is a summary of the categories of personal information we may have collected from consumers within the last twelve (12) months and the main purpose for its collection.  Please note that not all of the information identified below is collected from every end user.

Category Examples General Business Purpose
Registration information Email

Name

Address

Phone number

Password

To provide our Services and communicate with subscribers
Photographer financial information Credit Card number

SSN

Bank details

To provide our Services, to process transactions for our Services and for our photographer subscribers
Customer transaction information Name

Email

Phone number

Shipping address

Payment information

To provide our Services, to enable ecommerce transactions, to fulfill orders, and to communicate with customers
Photoshoot information IP address

Location

Name

Email

Phone

To provide our Services and to enable our photoshoot scheduling
Technical information IP Address

Cookies

Social media contact info.

To provide our Services, to enable logon sessions, to learn more about our visitors, and to improve our Services
Support information Name

Email

Phone number

To provide our Services and to provide support to our photographer subscribers and to customers
Sensitive personal information  Information about images uploaded by photographers, which may include facial recognition data.  Photographers, not Zenfolio, control the use of facial recognition tools and the identification of facial recognition data to a name or identity of an individual. For sorting or organizing photographs in a gallery.

We will not collect additional categories of personal information from you or use it differently than as described unless we provide you with advance notice and obtain your consent.

Please note that photographers may elect to make it easier for their customers to identify or sort photographs in their photo galleries by implementing facial recognition tools we make available through our services.  While Zenfolio may host such facial recognition data to enable photographers to identify and organize their images, the photographers have control of identifying any facial recognition data to a name or identity and are solely responsible for doing so.  Zenfolio only uses that data as implemented by photographers, and does not sell that data or use it for any other purpose.  Further, Zenfolio does not have any independent method to be able to identify or verify any individual based on that facial recognition data.  Zenfolio considers such data as Processor Data as described in the Zenfolio Privacy Policy, and retains it so long as the photographer utilizes those features.  Accordingly, requests pertaining to such data may have to be resolved by the applicable photographer.

What are other uses of personal information?

In addition to the uses described above, we may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason for which the information is provided. For example, if you contact our customer support, we may use your email address to communicate with you about your support issue.
  • To provide you with information, products or services that you request from us.
  • To provide you with alerts and other notices concerning our products or services.
  • To carry out our obligations and enforce our rights under the Zenfolio Terms of Service and/or Photobooker Terms of Service.
  • For testing, research, analysis and product development to improve our Services.
  • To protect the rights, property or safety of us, our subscribers or others and to respond to legal requests.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • For the other purposes set forth in our Privacy Policy.

Is Zenfolio a “controller” or a “processor”?

Lots of companies are making distinctions about who is a “controller,” and who is “processor,” when it comes to using personal data. That’s because the EU General Data Protection Regulation (“GDPR”) effective May 25, 2018, distinguishes a “controller,” (the party primarily responsible for protecting “personal data”) from a “processor” (which is essentially a subcontractor that has secondary, but important responsibilities to protect “personal data”). And CCPA distinguishes between a business that collects personal information and its service providers.  In the context of providing services to photographers, Zenfolio would be considered a “processor” under GDPR and a “service provider” in its provision of Photographer Services, as described in the Zenfolio Terms of Use. Where we mange accounts and fulfill transactions for you, we would be a “controller” under GDPR and a “business” under CCPA.

How does Zenfolio work with third parties?

Zenfolio engages third parties to provide hosting, printing, transactional and other services. Those third parties, under contract with Zenfolio, provide (i) the backend, hosting, technology, and communications systems necessary for the Services to function (“Back End Providers”), (ii) print and order fulfillment providers that fulfill print orders for the Zenfolio Service and enable financial transactions (“Fulfillment Providers”); and (iii) analytics services and customer support platforms (“Service Providers”). We have contractual agreements with those third parties that require them to adhere to applicable data privacy and confidentiality requirements, including GDPR-specific addendums where applicable.

Where is the data held?

Zenfolio utilizes data centers in the United States, where all of our necessary systems are located. Some of our support programs leverage affiliated companies in the European Union (EU) to provide customer support, and those European-based customer support teams may have remote access to account information, but they do not store that information. Transfers of personal data to and among our affiliates are subject to terms of intercompany agreements governing the transfer of data to the United States and protection of that data under applicable law. Also, we require that you acknowledge and agree to allow us to transfer data to the United States, so if you’re not willing to provide that consent, you shouldn’t use our products and services.

What safeguards does Zenfolio utilize to protect data?

We take appropriate technical and organizational measures for our systems to comply with data privacy to ensure a level of data protection appropriate to the risk resulting from the processing of personal data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the severity and likelihood of realization of risks for the rights and freedoms of folks who’ve provided the data.

What are my rights as a California resident?

The CCPA provides California residents with specific rights regarding their personal information, as described below

Opt Out of the Sale of Personal Information

The CCPA requires that we notify you of your right to opt out of the sale of your personal information.  However, we don’t sell your personal information as contemplated under the CCPA, so there’s no need for you to opt out of the sale of your personal information.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Note that under the CCPA you may only make a verifiable consumer request for access or data portability twice within a 12-month period. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose:
    • The categories of personal information that we’ve sold about you and the categories of third parties to whom the personal information was sold.
    • The categories of personal information that we disclosed for a business purpose.  .

For more information about the specific personal information we may have collected about you in the past 12 months, please send us an email request to do so at [email protected] or a written request at our office address set forth at the end of this notice. 

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

As discussed above, we can’t provide any Services to you without your personal information, so if you ask us to delete your personal information, we will have to terminate your accounts on our system and you will no longer be able to use the Services for their intended purpose. 

If you still want us to delete your personal information, you have to send us a verifiable request for us to do so.  To send a deletion request to use, please send us an email request to do so at [email protected] or a written request at our office address set forth at the end of this notice.

Please note that the CCPA includes a number of exceptions that allow us to retain your personal data despite your deletion request, so we may retain your personal data under those exceptions.

A note on verification

If you’ve sent us a request as noted above, we will need to verify who you are.  We may be able to verify you via email or through your account with the Services if you’re a subscriber.  However, if you’re not a subscriber or a customer, or if we don’t have sufficient data about you, we may not be able to verify who you are. 

Also, where we act as a service provider to a photographer, we will pass on your verified request to the applicable photographer and will treat your personal information in compliance with our legal obligations to our photographers and under the CCPA. 

What do I do if I have concerns about use of my data?

If you have concerns about use of your data, contact us at [email protected] or the address noted below. Please review our Privacy Policy for specific details about what is required of you when you contact us. And please remember that the choice to use our products is entirely yours: if you’re not comfortable with letting us use data as described in this Privacy Notice, in our Privacy Policy, and in either the Zenfolio Terms of Service or the Photobooker Terms of Service, then please don’t use the Services.

Zenfolio Inc.
Attn: Legal Department – Privacy
3515-A Edison Way
Menlo Park, California 94025

ZENFOLIO PRIVACY POLICY

Welcome to the web site (the “Site”) of Zenfolio, Inc. (“Zenfolio,” “we”, “us” and/or “our”). This Site is operated by Zenfolio and has been created to provide information about our company and the services we offer, including our online platform that allows photographers to exhibit, organize, print, sell, exchange, and share digital images, videos and related products, and enables end users to search and purchase those products (together with the Site, the “Services”), to our Services customers and users (“you”, “your”). This Privacy Policy sets forth our policy with respect to information including personally identifiable data (“Personal Data”) and other information that is collected from visitors to the Site and Services.

We abide by and have certified adherence to the principles of the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Further, Zenfolio is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.   

Information We Collect: When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:

Personal Data That You Provide Through the Services: We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, register for access to the Services, purchase products, or use certain Services where Personal Data is required.  Personal Data may include your name, address, email address, telephone number, and billing information, such as credit card numbers and billing address. We ask that in using our Services, you keep your information as up-to-date as possible, so please go to your Account to make any necessary changes. 

You have a right to access the personal information held about you. You can obtain a copy of your personal information and request changes or deletion of your personal information and/or account by emailing us at [email protected] For your protection, you may be required to provide proof of your identity before obtaining a copy of your personal information.

By voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with this Privacy Policy. If you provide Personal Data to us through use of the Services, you acknowledge and agree that such Personal Data may be transferred from your current location to our offices and servers, and those of authorized third parties referred to herein, located in the United States. If we have received your Personal Data from you and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your Personal Data in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Individuals may have the right to limit the use and disclosure of their personal information as required by the Privacy Shield’s Principles, such as whether your personal information is disclosed to a third party or used for purposes materially different from the purpose for which the personal information was originally collected or subsequently authorized by you.  If you wish to limit the use and disclosure of personal information in accordance with the Privacy Shield Principles, please contact us at [email protected].

Personal Data We Receive as a Processor: We may receive Personal Data about you from photographers who upload that data to our platform for use with certain features of our Services (“Processor Data”).  Management of Processor Data is solely in the control of the applicable photographer, and our only use of Processor Data is to store it and to make it available to the applicable photographers as part of the Services provided to them.  We require photographers to obtain your consent in order for us to use Processor Data as described above, and we comply with applicable laws as a processor in that regard.  To exercise rights or choices with respect to Processor Data, please make your request directly to the applicable photographer for whom we process that data.

Other Information: 

Non-Identifiable Data: When you interact with us through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We may store such information itself or such information may be included in databases owned and maintained by our affiliates, agents or service providers, and is used as provided in our Terms of Service. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process.  

In operating the Services, we and our service providers may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Services gives to your browser when you access the Services. Cookies help provide additional functionality to the Services, help us analyze Services usage more accurately, and meet contractual obligations to make payments to third parties when they introduce a new customer to us. For instance, our Site may set a cookie on your browser that allows you to access the Services without needing to remember and then enter a password more than once during a visit to the Site. In all cases in which we use cookies, we will not collect Personal Data except with your permission. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Service features.

Aggregated and Anonymized Personal Data: In an ongoing effort to better understand and serve the users of the Services, we often conduct research on its customer demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with its affiliates, agents, business partners and customers. This aggregate information does not identify you personally. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

Analytics and Tracking Technologies:  We may, and we may allow third party service providers to, use cookies (as noted above) or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Site.  For more information about the third party service providers we use and the data collected by them, see our Third Party Providers page as updated by us from time to time, which is incorporated herein by reference. 

Our Site currently does not respond to “Do Not Track” (DNT) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will describe how we do so in this Privacy Policy.

Our Use of Your Personal Data and Other Information: We use the Personal Data you provide in a manner that is consistent with this Privacy Policy. If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem. Also, if you provide Personal Data to us in order to obtain access to the Services, we will use your Personal Data to provide you with access to such services and to monitor your use of such services. For Processor Data, we use that data only for the provision of Services to the photographers who have uploaded that data.  We may also use your Personal Data and other personally non-identifiable information collected through the Services to help us improve the content and functionality of the Services, to better understand our users and to improve the Services, and to fulfill your orders.  If you have accepted our Terms of Service and provided necessary consents for us to contact you, we may also contact you in the future to tell you about services we believe will be of interest to you.  If you are no longer interested in receiving e-mail announcements and other marketing information from us, please e-mail your request to [email protected] Please include your complete name, e-mail address and mailing address. Note that you may still receive transaction related communications from us, as provided in our Terms of Service.

Our Disclosure of Your Personal Data and Other Information: We are not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below: 

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.  

Agents, Photographers, Consultants and Related Third Parties: We, like many businesses, sometimes hire other companies to perform certain business-related functions. Examples of such functions include mailing information, order processing and fulfillment, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function. And when we fulfill orders, we may share that order information with the applicable photographer.

Legal Requirements: We may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including disclosure in response to lawful requests or for the purpose of meeting national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability. 

Your Choices:

You can visit the Site without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain Services. 

Exclusions: This Privacy Policy does not apply to any Personal Data collected by us other than Personal Data collected through the Services. This Privacy Policy shall not apply to any unsolicited information you provide to us through the Services or through any other means. This includes, but is not limited to, information posted to any public areas of the Services, such as forums, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.  Also, Zenfolio assumes no responsibility for the disclosure of information to any photographer who maintains a website hosted on the Zenfolio platform, including information you provide to the photographer for an order placed for fulfillment with the photographer. You specifically agree to hold Zenfolio harmless from any liability arising out of the use or misuse of any information submitted in the process of placing orders to be fulfilled directly by photographers.

Children: We do not knowingly collect Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Services without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through the Services, please contact us, and we will endeavor to delete that information from our databases. 

Links to Other Web Sites:  This Privacy Policy applies only to the Services. The Services may contain links to other web sites not operated or controlled by us (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Services do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies. 

Integrating Social Networking Services: You may wish to share information and activities from the Services with social media platforms. To utilize social media sharing features, you will be prompted to grant permissions within those platforms, as you choose. For Facebook updates, you will need to allow account login and publishing permissions. This enables you to: post questions and content to a feed, upload photos/videos, add likes and comments, create notes and post to events and groups. However, please remember that the manner in which social networking services use, store and disclose your information is governed by the policies of such third parties, and we shall have no liability or responsibility for the privacy practices or other actions of any social networking services that may be enabled within the Services. 

Security: Zenfolio uses standard industry security practices to protect Your personal information including Secure Socket Layer (SSL) transmission technology for all sensitive information exchanges. This technology encrypts information You send us to avoid it being intercepted before reaching our secure HTTPS servers. We follow generally accepted industry standards, including physical, electronic and managerial safeguards to protect the Personal Data submitted to us from unauthorized access or disclosure. These safeguards are regularly reviewed to protect against unauthorized access, disclosure and improper use of your information, and to maintain the accuracy and integrity of that data. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We assume no liability for any disclosure of data due to errors in transmission, unauthorized third-party access, or other acts of third parties. 

Changes to This Privacy Policy: The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy. 

Contacting Zenfolio: Please also feel free to contact us if you have any questions about this Privacy Policy or the information practices of the Services. You may contact us as follows: [email protected].

In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield.  European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact us at: [email protected].  As noted above, for issues regarding Processor Data, you should contact the applicable photographer.  However, if the photographer does not time address your concerns, please contact us at: [email protected] with details about your issue. 

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact JAMS, our U.S.-based third party dispute resolution provider (free of charge), at https://www.jamsadr.com/eu-us-privacy-shield. 

If you have a Privacy Shield complaint that cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Last updated: 3/22/2021

*Promotion valid until October 31, 2021 at 11:59 p.m. PST. Promotional discount off the subscription price of a new ProSuite or PortfolioPlus annual plan will be automatically applied at checkout with code PROSUITE50. Discount applies to the first year only. Cannot be combined with any other promotion. Portfolio, Portfolio Plus and ProSuite plans are currently available to customers in the United States only.