The General Data Protection Regulation (GDPR) gives you specific rights regarding your personal data. We're committed to transparency and making it easy for you to exercise these rights.
What is GDPR?
GDPR is a European Union law that protects your personal data and privacy. Even if you're not in the EU, we extend these same protections to all our users worldwide because we believe privacy is a fundamental right.
Your Rights Under GDPR
Right to Information
You have the right to know what personal data we collect, why we collect it, and how we use it. Our Privacy Policy provides complete transparency about our data practices.
Right of Access
You can request a copy of all personal data we hold about you. This includes your profile information, session data, photos, and any other data associated with your account.
Right to Rectification
If any of your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly in your account settings.
Right to Erasure ("Right to be Forgotten")
You can request that we delete your personal data. When you delete your account, we permanently remove all your data from our systems within 30 days.
Right to Restrict Processing
You can ask us to limit how we process your data while we investigate any concerns you may have about accuracy or our use of your data.
Right to Data Portability
You can request your data in a machine-readable format so you can transfer it to another service. Our data export feature makes this simple and comprehensive.
Right to Object
You can object to certain types of data processing, including marketing communications. You can opt out of marketing emails at any time.
How to Exercise Your Rights
Exercising your GDPR rights is simple:
- In Your Account: Most data management can be done directly in your account settings
- Data Export: Use our built-in data export feature to download all your data
- Account Deletion: You can delete your account, along with all your data, from within your account settings
- Contact Us: For any other requests, email us at privacy@photomanagementsystem.com
Response Times
We respond to GDPR requests within the required timeframes:
- Simple requests: Within 72 hours
- Complex requests: Within 30 days
- Data portability: Immediate (via automated export)
- Account deletion: Within 30 days
Data Processing Legal Basis
We process your personal data based on:
- Contract: To provide our photography management services
- Legitimate Interest: To improve our service and prevent fraud
- Consent: For marketing communications (which you can withdraw at any time)
- Legal Obligation: To comply with tax and business regulations
Data Transfers
Your data is primarily processed in secure data centers within the EU and US. When data is transferred outside the EU, we use:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where available
- Additional safeguards to ensure data protection
Data Retention
We keep your data only as long as necessary:
- Active accounts: While your account is active
- Inactive accounts: 2 years after last login
- Financial records: 7 years for tax compliance
- Support tickets: 3 years for service improvement
Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it immediately.
Data Protection Officer
While we're not required to have a Data Protection Officer, we have designated a privacy team to handle all GDPR-related matters and ensure compliance.
Contact Our Privacy Team
Email: privacy@photomanagementsystem.com
Response Time: Within 72 hours
Address: Photography Management System
GDPR Compliance Team
[Your Business Address]
Complaints
If you're not satisfied with how we handle your data or respond to your requests, you have the right to lodge a complaint with your local supervisory authority.
Last Updated: August 25, 2025