Privacybeleid
[Last Updated: december 24, 2023]
This privacy policy (“Privacy Policy”) describes how Pic-Time Ltd. (“Pic-Time”, “we”, “us”, or “our”) collects, uses and discloses certain information, including your personal information, and the choices you can make about that information.
Pic-Time is the developer and operator of an online-based SaaS platform (“Platform”) for professional photographers (“FOTOGRAFEN”) enabling them to upload content such as photos, videos and additional digital files and store such content, create online galleries (“Gallery” or “Galleries”), offer their clients various merchandise and online social features, customize portfolio pages, and to use the marketing services and tools (“Services”).
This Privacy Policy which is incorporated by reference in our Terms of Service, and any other terms or documentation (together “Terms”) governs the processing and transfer of data collected in connection with visitors browsing our website available at https://www.pic-time.com/ (“BEZOEKERS” and “website” respectively), as well as Photographer using the Services and Photographers’ clients, customers and end users which login to view their Galleries (“Client(s)”). Visitors, Photographers and Clients collectively shall be referred to as “you” unless otherwise required.
1. POLICY AMENDMENTS:
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to this Policy will become effective within 30 days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.
2. CONTACT INFORMATION:
Pic-Time Ltd. is the controller entity, incorporated under the laws of Israel, its address: 1000 N West Street, Suite 1200 #3015, Wilmington, DE 19801, USA.
You may contact us and our privacy team as follows:
• For privacy inquires, email to our DPO: dpo@pic-time.com
• By Mail: 1000 N West Street, Suite 1200 #3015, Wilmington, DE 19801, USA.
• For general inquiries, by email: info@pic-time.com
• For technical support, by email: support@pic-time.com
Data Protection Representative in the UK & EU Contact Information:
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
• United Kingdom (UK)
Prighter Ltd20 Mortlake Mortlake High Street, London, SW14 8JN, United Kingdom
• European Union (EU)
Maetzler Rechtsanwalts GmbH & Co KG
Schellinggasse 3/10, 1010 Vienna, Austria
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://prighter.com/q/18322104981”
3. DATA SETS WE COLLECT AND FOR WHAT PURPOSE:
We may collect two types of information from you, depending on your interaction with us.
The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data which is being collected may include your aggregated usage information and technical information transmitted by your device and may contain, among other things, the type of operating system, type of browser you use, and the time and date you browse our website, or access our Services or Galleries.
The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”). For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists. As detailed below, we may also collect or process sensitive Personal Data constituting children's photographs, or revealing bio-metric data, sexual or nude photographs, etc. (“Special Categories of Personal Data”).
Our face-grouping feature, which allows specific individuals to be detected in photographs uploaded to the Services, and enables users’ to search for specific photos within the gallery (e.g., photos that include one or a couple of guests) may include certain facial recognition information such as distance between the eyes, the shape of the nose and other facial landmarks (“Face Data”). Depending on the applicable laws, some of the information collected by the facial recognition feature may be considered "biometric data". You will be able to opt-out of such data collection by opting out of the facial recognition feature altogether. Face recognition related-data, including biometric data that we collect from you, will only be used to provide Services. The biometric data will be stored securely in our database and will only be retained for as long as required by applicable law.
We will not sell, lease, trade or otherwise profit from your Personal Data that constituted as Special Categories of Personal Data, nor will any of our vendors, service providers or partners who have access to such data be permitted to do so.
The table below details the processing of Personal Data, the purpose, lawful basis and processing operations:
BEZOEKERS
DOEL EN WERKING
WETTIGE BASIS
Online Identifiers and Usage Data
When you access our website, we collect certain online identifiers through first party cookies, which are strictly necessary for the operation of the website and Platform, and through third party cookies for analytics and marketing. Such identifiers include IP address, log files, device identifiers, unique ID, and other unique identifiers. A device identifier may remain persistently on your device, to help you log in and navigate the Services better (“Online Identifiers”). Through these cookies, we also collect information on how you use our website, such as click stream data, duration of use, time and date you enter or exit the website (“Usage Data”).
De doeleinden van het gebruik van first-party cookies zijn operationele en technische doeleinden, zoals het uploaden van de website, fraudepreventie en gegevensbeveiliging, het onthouden van u wanneer u de Services opnieuw bezoekt, het uploaden van het winkelwagentje mogelijk maken, enz. .
De doeleinden van het gebruik van cookies van derden zijn tracking
technologieën voor analytische, marketing- en reclamedoeleinden.
When we are processing such information which is strictly necessary for operating the website and Platform, it is based on our legitimate interest to enable the operation of the website and the Services.
When we are processing such information for marketing, tracking, analysis and advertising purposes, it will be subject to your consent provided through the cookie notice and a consent management tool that is used on
the website. You may withdraw consent at any time by using the cookie preference settings.
Contact Information
If you voluntarily contact us through any form available on the website or by email, you may be required to provide us with certain information such as your full name, email address, and any additional information you decide to share with us (“Contact Information”).
Wij verwerken de contactgegevens om u een antwoord op uw vraag te kunnen geven.
Ook kunnen wij de inhoud van onze correspondentie met u verwerken om deze te verbeteren
onze ondersteunende diensten.
We process Contact Information subject to our legitimate interest. We may keep such
correspondence for records keeping, for any future possible legal claims or disputes, or if we are legally required to.
Location Data
When you access our Services, we process location data that may include approximate location extracted from the IP or GPS location, where made available through your device.(collectively “Location Data”)
We verwerken locatiegegevens voor veiligheids- en verificatiedoeleinden, maar ook om
onze Diensten aanpassen.
Wanneer we locatiegegevens verwerken voor werking en veiligheid, verwerken we uw gegevens op basis van ons legitieme belang.
Careers
When you apply for a position, we will process your CVs as uploaded by you, your name, email address, phone number, your education and skills, employment history,
and your photo (to the extent provided by you). (“Recruitment Information”).
We verzamelen wervingsgegevens om uw sollicitatie te verwerken, voor doeleinden van wervingsbeheer, voor verdere wervingsstappen (bijvoorbeeld een sollicitatiegesprek) en om ons in staat te stellen te voldoen aan de vereisten op het gebied van bedrijfsbestuur en wet- en regelgeving.
Als u wordt aangenomen, kunnen uw wervingsgegevens bij HR worden opgeslagen als onderdeel van uw werknemersdossier en onder ons bedrijfsbeheer.
We verwerken wervingsinformatie op basis van ons legitieme belang.
We bewaren uw gegevens voor het bijhouden van onze administratie en toekomstige verdediging tegen juridische claims onder ons legitieme belang, of als u toestemming hebt gegeven om in de toekomst contact met u op te nemen.
Na de voltooiing van het wervingsproces kunnen we de wervingsinformatie verder bewaren en opslaan als onderdeel van onze interne administratie, inclusief voor juridische verdediging tegen toekomstige claims, en, indien wij dit van toepassing achten en onderworpen zijn aan toepasselijke wettelijke vereisten, om in de toekomst contact met u op te nemen voor andere vacatures waarvan wij denken dat deze bij uw kwalificaties passen.
Newsletter Registration
In the event you sign up to receive our newsletter or other marketing materials, you will be requested to provide your contact details, such as your email address.
Wij zullen uw e-mailadres gebruiken
om u onze te sturen
nieuwsbrief en andere marketing
materialen.
We process such information subject to your consent. You may withdraw consent at any time through the “unsubscribe” link within the email or by contacting us directly.
FOTOGRAFEN
DOEL EN WERKING
WETTIGE BASIS
Registration Information
In order for you to access our Services, Platform or certain features on the website (including the free trial), you will need to register and create an account (“Account”).
As part of the registration as a Photographer, you will be requested to provide us with certain information such as your full name, email address, phone number, tax ID, user name, and password (“Registration Information”).
You are also able to log in through your social media accounts (i.e., Facebook and Instagram), if you do so we will receive your publicly available information (name and email address).
We gebruiken de Registratiegegevens om de Services te beheren, ondersteunen en leveren, zoals het aanmaken van uw Account, het verifiëren van uw identiteit en het inschakelen van de Services.
We process Registration Information for the purpose of performing our
contract with you, subject to our
Terms of Service.
Payment Information
As part of the Services, you may need to provide us with your payment details your name, full address, phone number, and payment information (e.g., credit card or PayPal UID); however, we do not collect any credit card information, as we use third party payment processors which may include
PayPal,
Stripe,
Square and
BlueSnap, pursuant to their privacy policy linked (“
Payment Information”).
Wij verwerken deze informatie voor factureringsdoeleinden, zodat u gebruik kunt maken van de
Diensten.
We process Payment Information as part of the performance of our contract with you.
Subject to legal obligation, we may record transaction information, such as your payments and purchase history.
Contact Information- Customer
Support
When our customers contact us for customer support, we will process your Contact Information.
We zullen contactgegevens gebruiken om de benodigde klantenondersteuning te bieden. We zullen dergelijke correspondentie zo lang bewaren als nodig is, en als bewijs dat de ondersteuning is verleend.
We process such information for
performing our contract with you.
Contact Information - Direct
Marketing
As a Photographer, we will send
you invoices, materials and marketing content through the email information you provided during your onboarding
(“Direct Marketing”).
We will use this information to keep you updated with offers and content such as new capabilities and features, surveys, invoices and supporting documentation.We use third party service providers for the purpose of managing our marketing activities, such as
Mailchimp and
SendGrid, which will process your data on our behalf.
We process such information subject to our legitimate interest. You can opt-out at any time by using the “unsubscribe” option.
Photographer Usage Data
When you access or use our Platform or Services, information regarding such use is automatically generated and collected, which may include the click stream within the Platform, the use of the Services (i.e., accessed or used by you) and the time spent on those pages or features, crash data and analytics, crash and errors, your purchases, etc. (“Photographer Usage Data”).Such data might be considered as Personal Data, when it is linked to or combined with other types of identifying data such as online identifiers, account, email address, username, etc.
We gebruiken deze informatie om ons te helpen begrijpen hoe u ons Platform gebruikt en hoe we onze Diensten beter kunnen leveren en verbeteren. Dit helpt ons om het beter te begrijpen
ons bedrijf, analyseren onze activiteiten, onderhouden, verbeteren, innoveren, plannen, ontwerpen en ontwikkelen van de Service en onze nieuwe
producten. We gebruiken dergelijke gegevens ook voor statistische analysedoeleinden
test en verbeter onze aanbiedingen, beslis
hoe u de Services kunt verbeteren
op de resultaten verkregen uit deze verwerking.
We process such data subject to
our legitimate interest.
Photographs
When a Photographer uses our Services, they upload content, photos, videos, GIF, etc. on the Platform (“Photographs”) for the purpose of managing and storing the Galleries or offering their Clients to log-in and view the Photographs as further detailed below. The Photographs can include sensitive information, Special Categories of Personal Data (nude, sexual content, minors) and may also infer or provide information such as gender, ethnicity (by means of example if the Photograph includes cloture or religiose symbols, images inferring the gender, etc.).
Wij verwerken, hosten en bewaren de Foto's zodat onze Fotografen hun Galerijen kunnen beheren en de Diensten kunnen gebruiken.
As the Processor of this data (as such term is defined under data protection laws), the processing is subject to the Photographers’ instructions and subject to a Data Processing Agreement, such as the Pic-Time’s
Data Processing Agreement.Face Data
By uploading the Photographs and using the AI face recognition feature, we will process facial recognition information, such as run face scan and possibly extract features of your face (e.g., distance between the eyes, the shape of the nose and other facial landmarks). This information may be considered as biometric data in certain jurisdictions (i.e., Illinois, Texas).
We zullen deze informatie alleen gebruiken om u onze Services te leveren, de functie voor gezichtsgroepering aan te bieden en uw ervaring met de Services te verbeteren. We zullen ervoor zorgen dat er een hoge beveiligingsstandaard wordt gehanteerd en we zullen een specifiek individu of informatie over een dergelijk individu niet samen met de gezichtsgegevens identificeren.
We process such information to provide the face grouping feature, to comply with our contractual obligations towards the Photographers and as part of delivering our Services to them. We are the Processor of such information, acting on behalf of the Photographers.Therefore, the processing is subject to the Photographers’ instructions and subject to a Data Processing Agreement, such as the Pic-Time’s
Data Processing Agreement.
CLIËNTEN
DOEL EN WERKING
WETTIGE BASIS
Client Registration Information
In order for you to access a Gallery you will be invited by the Photographer via a link. We will process your name, username and password that you will be provided during the registration process, as well as the Photographs available in your Gallery.
Om een veilige toegang van Klant mogelijk te maken
naar de Galerij.
We process such information for
performing our contract with you
or the Photographer as applicable.
Commercial Information
The Photographers may offer certain merchandise or printing the Photographs, the billing for such services can be done either by Photographer or directly through Pic-Time Platform. When payment is processed through the Platform you will be requested to provide customary billing information including, name, address, email address, phone number and your payment details; however, we do not collect any credit card information.
We will use and process such information in order to enable the transaction. We use third party payment processors, such as
PayPal ,
Stripe,
Square and
BlueSnap pursuant to their privacy policies linked (“
Purchase Information”).
Deze informatie wordt verwerkt
voor het uitvoeren van ons contract met
jij of de fotograaf en wil
u in staat stellen een aankoop te doen.
Onder voorbehoud van wettelijke verplichtingen, mogen wij dat wel doen
registreer commerciële en transactie
informatie, zoals uw
betalingen en aankoopgeschiedenis.
Usage Data
When you access the Gallery, we process the Online Identifiers and Usage Data, as defined above.
Wij zullen dergelijke informatie gebruiken in
om te exploiteren, te voorzien, te onderhouden,
onze Services beschermen en beheren.
We process such information
subject to our legitimate interest.
Share on Social Network
You can choose to share the Photograph on your social networks or website, directly from the Platform.
Technisch gezien via het toepasselijke
API, we zullen uw foto plaatsen als
door u gevraagd, houd er rekening mee
dat volgens uw instellingen aan
Sociale netwerken, jij maakt de
Foto openbaar beschikbaar.
Wij verwerken dergelijke informatie voor
de uitvoering van ons contract
met jou.
Please note that the actual
processing operation per each purpose of use and lawful basis detailed in the table above, may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure or destruction. Transfer of Personal Data to third party countries as further detailed in the Data Transfer section is based on the same lawful basis as stipulated in the table above. In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.
4. HOW WE COLLECT YOUR INFORMATION:
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:
•
Automatically, when you visit our website or interact with the Platform, including through the use of Cookies (as detailed below) and similar tracking technologies.
•
Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, as through the Services, contact us communications, registration, etc.
•
Provided by Third Parties – as detailed above, our Photographers may provide us with your photographs or email address.
COOKIES AND SIMILAR TECHNOLOGIES:
We use “cookies” (or similar tracking technologies) when you access the website or interact with the Services we offer. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. You can find more information about cookies at
http://www.allaboutcookies.org/.Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, as well as for advertising purposes. You can find more information about our use of cookies, as well as change your settings and preferences, as detailed under our Cookie Policy.
5. DATA SHARING– CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:
We share your data with third parties, including with trusted partners or service providers that help us
provide our Services. You can find here information about the categories of such third-party recipients.
GEGEVENS DIE WORDEN GEDEELD
DOEL VAN DELEN
Dienstverleners
Verschillende soorten Persoonsgegevens, Online Identificatiegegevens, Gebruiksgegevens, Registratie
Informatie, enz.
Daarom delen wij uw gegevens met externe entiteiten, met als doel het hosten, opslaan, analyseren en beoordelen van dergelijke informatie namens ons bij het leveren van de Diensten, of voor andere verwerkingsbehoeften. Het is deze entiteiten verboden uw persoonlijke gegevens voor andere doeleinden te gebruiken dan het leveren van de gevraagde diensten aan ons.
Fotolaboratoria, leveranciers van merchandise en aanverwante dienstverleners.
Foto's, contactgegevens (voor verzending), betalingsinformatie, etc.
We kunnen dergelijke Persoonsgegevens bekendmaken aan onze dienstverleners (inclusief, maar niet beperkt tot, betalingsverwerkers, printpartners en marketingaanbieders) om namens ons bepaalde gevraagde diensten uit te voeren, zoals
onze fotolabs van derden. Daarom delen wij uw gegevens met externe entiteiten, voor de
doel om dergelijke informatie namens ons op te slaan, of voor andere verwerkingsbehoeften. Het is deze entiteiten verboden uw persoonlijke gegevens voor andere doeleinden te gebruiken dan het leveren van de gevraagde diensten aan ons.
Elke overnemende partij van ons bedrijf
Alle soorten persoonlijke gegevens
We kunnen persoonlijke gegevens delen in het geval van een bedrijfstransactie (bijvoorbeeld de verkoop van een substantieel deel van ons bedrijf, fusie, consolidatie of verkoop van activa). In het geval van het bovenstaande zullen onze gelieerde bedrijven of overnemende bedrijven de rechten en plichten overnemen zoals beschreven in dit Beleid.
Juridische en wetshandhaving
Onder voorbehoud van wetshandhavingsautoriteiten
verzoek.
We kunnen bepaalde gegevens bekendmaken aan wetshandhavingsinstanties, overheidsinstanties of geautoriseerde derde partijen, als reactie op een geverifieerd verzoek met betrekking tot terreurdaden,
strafrechtelijk onderzoek of vermeende illegale activiteit of enige andere activiteit die ons, u of een andere gebruiker kan blootstellen aan wettelijke aansprakelijkheid, en uitsluitend voor zover noodzakelijk om aan een dergelijk doel te voldoen.
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the
Transfer of Data section below, is based on the same lawful basis as stipulated in the table above. In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.
6. USER RIGHTS:
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending
on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.
You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“
DSR”) form available
HERE,
and sending it to:
dpo@pic-time.com.
Certain rights can be
easily executed independently by you without the need to fill out the DSR Form:
• As a Photographer, you can correct certain data provided under your Account (such as contact
information) through the account settings;
• You can opt-out from receiving our emails by clicking “
unsubscribe” link;
• You can
delete Photographs;
• You can use the cookie settings tool on our website to change your preferences.
You can also opt out of interest-based advertising with some of the service providers we use, such as
Google
HERE, Google Analytics
HERE.
7. DATA RETENTION:
In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt-out (where applicable), or terminate your use of the Services, or you request to delete your Personal Data. Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.
8. SECURITY MEASURES:
At Pic-Time, security is our highest priority. We have implemented physical, technical and administrative security measures for the Services that comply with applicable laws and industry such as: encryption using11SSL, we minimize the amount of data that we store on our servers, restrict access to Personal Data to Pic- Time employees, contractors and agents, etc. To learn more, you can review our
Security Policy.
Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
Please contact us at:
dpo@pic-time.com if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the
appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.
9. TRANSFER OF DATA:
Our data servers in which we host and store the information are located in the EU, the US and Australia. The Company’s HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM, Salesforce, and other systems. We will take appropriate
measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer. When Personal Data that was collected within the EEA is transferred outside the EEA, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such
Personal Data. You may exercise your rights, where applicable, to receive information regarding the transfer mechanism that was used during such transfer. Personal Data transferred outside the EEA is transferred, in all cases pursuant to standard contractual clauses approved by the European Union ("
SCCs").
Additionally, following the withdrawal of the United Kingdom (“
UK”) from the European Union on januari 31, 2020, the UK is no longer considered to be a part of the EEA and therefore, the transferring of Personal Data from the EEA to the UK will also be subject to the SCCs or other contractual clauses that will ensure
the security of the Personal Data (pending an adequacy decision from the European Commission).
10. ELIGIBILITY AND CHILDREN PRIVACY:
Pic-Time website and Services are not intended for use by children, and we do not knowingly collect or maintain information about anyone under the age of 16. Please contact us at:
dpo@pic-time.com if you have reason to believe that a child has shared any data with us.
11. JURISDICTION-SPECIFIC NOTICES:
ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 effective januari 1, 2023 (“
CPRA”) (collectively “
CCPA”).Please see the
CCPA Privacy Notice, which discloses the categories of Personal Information collected, purpose of processing, source, categories of recipients with whom we share the Personal Information for a business purpose, whether the Personal Information is sole or shared, the retention period, and how to exercise your rights as a California resident.
ADDITIONAL INFORMATION FOR COLORADO RESIDENTS
This section applies to Colorado residents acting only as an individual or household context (and not in a
commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context). Pursuant to the Colorado Privacy Act (“CPA”) please see below the disclosure of the categories of Personal Data that are collected or processed, the purposes, how consumers can exercise
their rights, and appeal such decision, categories of third-parties the controller shares or sells the Personal Data, or sells the Personal Data for advertising and how to opt-out.
“
Personal Data” as defined in the CPA means information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de- identified or aggregated consumer information; or information excluded from the CPA scope, such as:
Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA),
the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.
“
Sensitive Data” include (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. Under CPA, Pic-Time needs to provide a privacy notice that identifies the categories of Personal Data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the personal data, or sells the Personal Data for advertising and how to opt-out.
Highlights SectionsIn
Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we
collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally,
Section 5 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes.
Section 6 to this Privacy Policy details and discloses your rights and Personal Data
shared or sold for targeted advertising.
Deletion Right Exemptions
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete your Personal Data. If the request is submitted by someone other than you, proof of authorization (such as power of attorney or probate documents) will be required. The deletion right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons:
(1) complete the transaction for which we collected the Personal Data or Personal Information, provide the service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
(2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
(3) debug products to identify and repair errors that impair existing intended functionality;
(4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
(5) comply with the law or legal obligation;
(6) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
(7) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
(8) make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.
Response Timeline
We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you
may appeal our decision within a reasonable period time by contacting us at:
dpo@pic-time.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at:
https://coag.gov/file-complaint/.If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request. Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
ADDITIONAL INFORMATION FOR CONNECTICUT RESIDENTS
Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (“
CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and
not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.
“Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable individual and does
not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.
“Sensitive Data” means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal data collected from a known child; Precise geolocation data. In certain cases, we will process precise geolocation data if you explicitly enable the GPS permission within our properties. Under CDPA, Pic-Time is required to provide you with a clear and accessible privacy notice that includes categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.Please read the
“Highlights Sections” and
“Deletion Right Exemptions” paragraphs under the
CPA Additional Information.
Response Timeline
We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45-day response period, together with the reason for the extension.If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The
notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link:
https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.
ADDITIONAL INFORMATION FOR VIRGINIA RESIDENTS
Under the Virginia Consumer Data Protection Act, as amended (“
VCDPA”) if you are a resident of Virginia acting in an individual or household context (and
not in an employment or commercial context), you have the following rights with respect to your Personal Data.
“Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person, and does not include publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; Information excluded from the VCDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act. The VCDPA requires Pic-Time to disclose the categories of Personal Data processed, the purpose of processing, how you can exercise your rights, including how you may appeal our decision with regard to the consumer request, the categories of Personal Data shared with third parties, and with whom, and if the Pic-Time sells Personal Data to third parties or processes Personal Data for targeted advertising. Please read the
“Highlights Sections” and
“Deletion Right Exemptions” paragraphs under the
CPA Additional Information.
Response Timeline
We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you
may appeal our decision within a reasonable period time by contacting us at:
dpo@pic-time.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General
HERE.
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request. Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.
ADDITIONAL INFORMATION FOR UTAH RESIDENTS (EFFECTIVE JENUARY 2024)
Under the Utah Consumer Privacy Act (“
UCPA”) if you are a resident of Utah, acting in an individual or household context (and
not in a commercial or employment context) your rights with respect to your Personal Data are described below.
“Personal Data” means data that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data or data that is processed not within the scope of UCPA. Please read the
“Highlights Sections” paragraph under the
CPA Additional Information.
ADDITIONAL NOTICE TO NEVADA RESIDENTS
Nevada law allows Nevada residents to opt out of the sale of certain types of Personal Information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to us at
dpo@pic-time.com or through the
DSR Form.
