Privacy policy.

Fotolush

Last Updated: February 27, 2024

INTRODUCTION. 

Welcome to Fotolush ("we," "us," or "our"). This Privacy Policy governs the collection, use, and protection of information obtained from individuals ("users" or "you") who visit or access, interact, and use of the features, functionalities, services, content, and offerings presented, facilitated, or offered through our official website, sub-domains, application, and affiliated platforms, (the "Platform"). This Privacy Policy outlines the types of information we collect, how we use and store that information, and your rights regarding your personal data. By accessing or using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

We are committed to respecting your privacy and protecting your personal information. We understand the importance of maintaining the confidentiality and security of your data. This Privacy Policy explains our practices for handling your information and describes how we collect, process, store, and disclose your data. We comply with applicable privacy laws and regulations to ensure that your information is handled in a responsible and lawful manner.

Please review this Privacy Policy carefully. If you do not agree with the practices outlined in this Privacy Policy, please do not access or use our Platform.

By continuing to use our Platform, you signify your acceptance of this Privacy Policy and your consent to the collection, use, storage, and disclosure of your information in accordance with this Privacy Policy and applicable laws and regulations. If you have any questions or concerns about this Privacy Policy, please contact us using the information provided in the "Contact Us" section below.

We may modify or update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be effective upon posting of the updated Privacy Policy on our Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

TYPES OF DATA WE COLLECT.

In our commitment to providing a personalized and secure user experience, we collect and process various categories of data. This comprehensive approach ensures we can deliver, maintain, and enhance the functionalities of our Platform. The types of data we collect include:

  • Personal Identification Information: This includes information you voluntarily provide when creating an account or for profile verification purposes on our Platform. It comprises details such as your nam, email address, and phone number. 

  • Contact Information: When necessary for profile verification or other Platform functionalities, we may request your phone number. This information is used solely for the purposes for which it is collected and with your explicit consent.

  • Image Uploads and Instructions: Our Platform allows you to upload images for professional retouching and to provide specific instructions related to those images. This unique category of user-generated content is essential for tailoring our services to meet your needs.

  • Social Media Credentials: For users choosing to log in with their social media accounts, we collect authentication data required to integrate our Platform with these services, enhancing your user experience and streamlining access. This data may include your name and profile picture.

  • Device and Access Information: To ensure optimal service performance and security, we gather information about the devices and networks used to access our Platform. This includes IP addresses, device types, device ID, browser specifications, and operating system details.

  • Usage Data: We analyze how you interact with our Platform, tracking engagements with various features and functionalities. This helps us improve the Platform's user experience and adapt our services to better suit user preferences.

  • Encryption and Security Data: We employ advanced encryption techniques to protect the data you share with us. Information regarding the encryption standards and security measures in place is collected to continuously enhance data protection.

We ensure that the collection, processing, and storage of your data are conducted with the highest regard for your privacy, in strict adherence to relevant data protection laws and regulations. Our primary goal is to maintain the confidentiality and integrity of your data while providing a personalized and secure user experience. Please be aware that by uploading images to our Platform, you acknowledge the potential risks associated with internet data transmission. We encourage you to only share images that you would be comfortable having in a public domain, despite our rigorous security measures.

HOW WE COLLECT DATA.

Our Platform employs a multifaceted approach to data collection, ensuring comprehensive coverage that enhances user experience while upholding our commitment to data privacy and security. The methodologies employed in the acquisition of data are as follows:

  • Direct User Submission: This is our primary method of data collection, occurring when you voluntarily provide information during the account creation process or when linking your social media credentials for account access. This includes any information you share while interacting with our customer support or through feedback submissions.

  • Mobile Device Data: When you access our Platform via a mobile device, we may collect specific device information including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device's interaction with our services.

  • Analytics Providers: We also collect data through analytics providers who help us understand how users engage with our Platform. This includes aggregated statistical analysis to gain insights into how our services are used and how we can improve them.

  • Cross-Platform Tracking: To enhance personalization and improve user experience, we may use cookies, web beacons, and other similar technologies to track your activities across other websites and apps. This tracking allows us to understand your preferences and behavior on a broader scale. You will be prompted to grant permission for this type of tracking, and you have the option to accept or decline. Our use of such technologies is in strict adherence to applicable privacy laws and our Privacy Policy.

  • Location Data: With your consent, we may also collect location data to provide location-based services and content. This information can be collected through GPS, Wi-Fi, cellular networks, or other means. You will be prompted to allow or deny access to your location data, and you can change your preferences at any time through your device settings.

Our data collection practices are designed to provide a comprehensive understanding of user needs and preferences, enabling us to deliver a more personalized and efficient service. We adhere to the highest standards of data protection and privacy, ensuring that all data collection methods are compliant with applicable laws and regulations.

HOW WE USE DATA.

The information collected through our Platform is utilized in a variety of ways, each aimed at delivering an enhanced user experience, ensuring the smooth operation of our services, and maintaining a high standard of security and compliance. The specific uses of your data include:

  • Service Delivery and Management: We use your data to operate, maintain, and provide the features and functionality of the Platform. This includes using your information to create and manage your account, provide customer support, and ensure seamless user interaction with our Platform.

  • Personalization of User Experience: By understanding your preferences and usage patterns, we tailor your experience on our Platform. 

  • Communication and Customer Support: We use your contact information to communicate with you about our Platform, including notifying you of any changes to our services, sending service-related notices, and responding to your queries and feedback. This ensures an open line of communication and effective resolution of any issues.

  • Enhancement and Development of New Features: Your data aids in our ongoing effort to improve existing Platform and develop new features and functionalities. This includes conducting research, analysis, and performing statistical studies to better understand how our services are used and how we can innovate.

  • Security and Fraud Prevention: To ensure the integrity and security of our Platform, we use your data to detect, investigate, and prevent fraudulent transactions and other illegal activities. This includes monitoring for suspicious activity and enforcing our terms and conditions.

  • Legal Compliance and Enforcement: We process your data as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. This includes using information to protect the rights, property, or safety of Fotolush and our users.

  • Marketing and Promotional Initiatives: We use your information to develop targeted marketing campaigns and promotions. 

  • Analytics and Performance Monitoring: To understand the effectiveness of our services and marketing campaigns, and to make improvements, we use data analytics. This helps us measure platform performance and user engagement, guiding strategic decisions.

  • Aggregate Insights: We may use your information to generate aggregate insights. These insights are derived from a collective analysis of user data and are used for business analysis, operational improvement, and strategic planning.

  • User Feedback: Information obtained through user feedback is utilized to address user concerns, improve user experience, and guide product and service development.

We handle your data with the utmost care and responsibility, ensuring that its use aligns with this privacy policy, and adheres to applicable data protection laws and regulations. The data is processed with a clear purpose in mind, respecting the trust you place in us when you share your personal information.

NO SALE OF DATA.

Commitment to Data Privacy: We uphold the highest standards of data privacy and are committed to protecting the personal information of our users. In line with this commitment, we firmly assert that we do not engage in the sale of any user's personal data. This stance is a core element of our privacy practices and reflects our dedication to maintaining the trust and confidence of our users.

Definition of Data Sale: For clarity, the term "sale" of data, as used in this Privacy Policy, refers to the exchanging, transferring, or otherwise making available of a user's personal data to third parties for monetary or other valuable consideration. We understand the importance of this distinction and assure our users that their personal data will not be treated as a commodity in any business transactions.

Exceptions and Permitted Disclosures: It is important to note that this Privacy Policy does not preclude us from sharing data in ways that do not constitute a "sale" as defined above. This includes sharing information with service providers who assist us in operating our Platform, conducting our business, or serving our users, so long as these parties agree to keep this information confidential and use it solely for the purposes we have directed. Moreover, we may disclose personal data when legally required to do so, to comply with a subpoena, bankruptcy proceedings, or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Transparency and User Control: We prioritize transparency in all our data practices and aim to provide our users with control over their personal data. In line with this, we ensure that users are informed about the types of data we collect, the purposes for which we collect it, and the circumstances under which it might be shared, as detailed in other sections of this Privacy Policy.

Regular Review and Updates: This No Sale of Data policy is subject to regular review and may be updated to reflect changes in our practices or legal obligations. Any updates will be communicated through revisions to our Privacy Policy, and we encourage users to review this policy periodically to stay informed about how we protect their personal information.

LAWFUL BASIS FOR COLLECTION.

Our Platform is committed to ensuring the lawful and transparent collection of data, adhering to the highest standards of privacy and data protection laws. The basis for collecting, processing, and using your personal data are as follows:

  • Consent: A primary legal basis for the collection of your data is your explicit consent. When you register for our Platform, use our services, or voluntarily provide information, you are giving us your consent to process your personal data for specified purposes. This consent is freely given, specific, informed, and unambiguous, as per data protection regulations. You have the right to withdraw your consent at any time, although this will not affect the lawfulness of processing based on consent before its withdrawal.

  • Contractual Necessity: We collect and process personal data as necessary to enter into or perform a contract with you. When you agree to our Terms of Service, you enter into a contractual relationship with us. The processing of your data is essential for the performance of this contract, enabling us to provide you with the services you request and manage our contractual obligations.

  • Legal Obligation: In certain instances, we are legally required to collect and process your data. This includes compliance with tax laws, anti-fraud regulations, and other legal requirements. Processing of your personal data in these cases is necessary for compliance with a legal obligation to which we are subject.

  • Legitimate Interests: We may process your data when it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. These legitimate interests include but are not limited to:

    • Enhancing, modifying, personalizing, or otherwise improving our services and communications for the benefit of our users.

    • Identifying and preventing fraud.

    • Ensuring the security and integrity of our services.

    • Understanding how our users interact with our services.

    • Management and operation of our business and services.

  • Vital Interests: In rare situations, we may process personal data to protect an individual's vital interests, such as in emergency medical situations.

We assure you that all personal data is collected and processed in compliance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and other regional data privacy laws. Our data collection and processing practices are continually reviewed and updated to maintain compliance with these laws.

HOW WE SHARE DATA.

In the course of providing our services and operating our Platform, there are circumstances under which we may share the personal data we collect with certain third parties. Our approach to data sharing is governed by a commitment to user privacy and compliance with applicable data protection laws. The following outlines the scenarios in which data sharing may occur:

  • Service Providers and Partners: We engage with various third-party service providers and partners who perform functions on our behalf. These include hosting, data analysis, payment processing, infrastructure provision, IT services, photo retouching, customer service, email delivery services, and other similar services. Access to your personal data by these service providers is limited to the information reasonably necessary for them to perform their functions and they are contractually bound to maintain the confidentiality and security of the data.

  • Legal Compliance and Protection of Rights: We may disclose your personal data if required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to our successor or affiliate or other relevant third party as part of the transaction.

  • Analytics and Research: We share data with third parties for analytics purposes to understand the usage patterns, preferences, and demographics of our users for enhancing our services and for market research.

  • Consent-Based Sharing: In specific instances, we may share your personal data with third parties based on your explicit consent. You will be notified about such potential sharing and your consent will be sought prior to any data being shared.

We implement strict contractual and technical measures to ensure that your data is handled securely and in accordance with this Privacy Policy when shared with third parties. We regularly review our data sharing practices to ensure they align with legal obligations and best practices.

DATA SECURITY.

The security of your personal data is of paramount importance to us. We are committed to implementing and maintaining rigorous technical and organizational measures to protect the data we collect and process. Our data security protocols are designed to safeguard your information against unauthorized access, alteration, disclosure, and destruction. The following outlines our comprehensive approach to data security:

  • Encryption and Secure Data Transmission: We employ advanced encryption technologies to ensure the secure transmission of your personal data over the internet. Our Platform uses industry-standard SSL (Secure Socket Layer) encryption to protect data in transit.

  • Secure Data Storage: Your personal data is stored on secure servers that are protected by advanced firewall technology and continually monitored to prevent unauthorized access. Access to these servers is strictly controlled and limited to authorized personnel only.

  • Regular Security Assessments and Compliance Audits: We conduct regular security assessments and compliance audits to identify potential vulnerabilities and implement corrective actions. This includes reviewing our data collection, storage, and processing practices, as well as physical security measures.

  • Data Minimization and Access Control: We adhere to the principles of data minimization, ensuring that only necessary data is collected and processed. Access to your personal data is strictly limited to employees, contractors, and agents who need to know that information to process it on our behalf. These individuals are subject to strict confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

  • Incident Response Plan: In the event of a data breach, we have an incident response plan in place to promptly address and mitigate the effects of the breach. We will notify affected individuals and relevant authorities as required by law.

  • Employee Training and Awareness: We provide regular training to our employees on data protection and privacy to ensure they understand the importance of protecting personal data and the legal requirements to which we are subject.

  • Third-Party Vetting and Compliance: We carefully vet all third-party service providers who handle your personal data to ensure they provide adequate security measures and are compliant with relevant data protection laws.

  • Continuous Improvement: We are committed to continuously improving our data security practices. We stay abreast of the latest developments in security technology and adapt our security measures to maintain the highest level of protection for your data.

We recognize the trust you place in us when you provide us with your personal data and are dedicated to maintaining that trust through our robust data security measures. Please be aware that no method of transmission over the internet or method of electronic storage is completely infallible. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We encourage you to exercise caution in the transmission of any personal data and to use secure networks and encryption methods where possible.

DATA BREACH NOTIFICATION.

In the unlikely event of a data breach, we are fully committed to acting swiftly and responsibly to mitigate any potential harm. Our Data Breach Notification protocol is designed to address such situations with the utmost urgency and transparency, in full compliance with applicable data protection laws. The key components of our Data Breach Notification process are as follows:

  • Immediate Response and Investigation: Upon discovering a data breach, we will promptly initiate an investigation to determine the scope and impact of the incident. This involves identifying the nature of the breach, the type of data affected, the number of individuals impacted, and the potential risks associated with the breach.

  • Containment and Remediation: Our immediate priority is to contain the breach and prevent any further unauthorized access or dissemination of personal data. We will take all necessary steps to secure our systems, including but not limited to, temporary shutdowns, isolating affected systems, and enhancing security measures.

  • Notification to Authorities: In accordance with legal requirements, we will report the breach to the relevant data protection authorities without undue delay, typically within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

  • Notification to Affected Individuals: If the breach poses a high risk to the rights and freedoms of individuals, we will notify the affected users directly. This notification will be clear, concise, and will provide details of the nature of the breach, the likely consequences, the measures taken to address it, and advice on steps they can take to protect themselves. Notifications will be made without undue delay, in accordance with the timeframe stipulated by applicable laws.

  • Detailed Documentation: Every data breach incident will be thoroughly documented, detailing the facts relating to the breach, its effects, and the remedial actions taken. This documentation will be made available to the relevant regulatory authorities as required.

  • Continuous Improvement and Review: Following a breach, we will conduct a thorough review of our data protection policies and practices and implement improvements to prevent future occurrences. This includes updating our security infrastructure, enhancing employee training, and revising our incident response strategies.

  • Communication and Transparency: Throughout the process, we are committed to maintaining clear and open communication with all affected parties and stakeholders. We will provide updates as more information becomes available and offer guidance on protective measures and support.

We understand the importance of your personal data and are committed to upholding the highest standards of data protection and breach response. Our Data Breach Notification protocol is a testament to our dedication to data security and our responsibility towards our users.

DATA RETENTION.

Our data retention policies are crafted with the utmost respect for user privacy and in strict adherence to applicable data protection laws. We are committed to retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in our Privacy Policy, and as required by law. The following principles guide our data retention practices:

  • Purpose-Limited Retention: We retain personal data in a manner consistent with the purposes for which it was originally collected, as detailed in the 'How We Use Data' section of this Privacy Policy. This includes retaining data for the duration necessary to provide our Platform's services, maintain our business relationships, and comply with legal obligations.

  • Legal and Regulatory Requirements: In some instances, we may be legally required to retain certain data for a specified period due to regulatory requirements, such as financial records for tax purposes. In such cases, the data will be retained in accordance with the applicable legal or regulatory retention period.

  • User Account Information: Personal data associated with your account will be retained for as long as your account remains active. In the event of account deactivation or deletion, we will retain your data for a limited period as necessary to protect our legal interests, comply with regulatory requirements, resolve disputes, enforce our agreements, and carry out any other necessary business functions.

  • Data Minimization and Review: We regularly review our data retention practices to ensure that we do not retain personal data beyond the necessary period. Our aim is to minimize data retention and securely delete or anonymize personal data that is no longer required for the stated purposes.

  • Secure Deletion: Upon reaching the end of the retention period, personal data is securely deleted or anonymized, so it can no longer be associated with an individual. We employ industry-standard techniques to safely dispose of personal data to prevent unauthorized access or use.

  • Special Circumstances: In certain circumstances, we may retain data for longer periods, particularly if required by law, in the context of an ongoing legal proceeding, or as necessary to support business operations, such as fraud prevention, IT backup systems, and safeguarding the stability and security of our operations.

  • Retention for Research and Analysis: We may retain anonymized or aggregated data for research and analytical purposes. This data is stripped of personal identifiers and is used to gain insights that can drive improvements in our services.

CHILDREN’S PRIVACY.

Our Platform is committed to protecting the privacy of children. Consistent with the Children's Online Privacy Protection Act (COPPA) and other applicable laws and regulations, we do not knowingly collect, use, or disclose personal information from children under the age of 18.

  • Age Restriction: Our services are not directed to children under the specified age. We do not knowingly engage in transactions or communications with children under this age. Our Terms of Service prohibit users under this age from accessing our Platform and services.

  • Parental Consent and Involvement: If we learn that we have collected personal information from a child under the specified age without parental consent, we will take steps to delete the information as soon as possible. We strongly encourage parents and guardians to take an active role in their children’s online activities and to inform us if they believe their child has provided personal information to us without their consent.

  • Information Collection Practices Regarding Children: In the rare event that we collect personal information from children under the specified age with parental consent, such information will be used solely for the purpose for which it was collected, and in accordance with this Privacy Policy.

  • Access and Deletion Requests by Parents or Guardians: Parents or guardians who believe that their child under the specified age has submitted personal information to our Platform can contact us to request access to, correction of, or deletion of their child’s personal data.

  • Commitment to Data Security: We understand the importance of safeguarding children’s privacy and security online. We implement stringent security measures to protect children's personal information and comply with relevant legal requirements pertaining to data protection and privacy.

  • Updates to our Children’s Privacy Policy: This policy may be updated periodically to reflect changes in our practices or legal requirements. We encourage parents and guardians to review this policy regularly.

  • Reporting Concerns: We take concerns about children's privacy seriously. If you have any questions or concerns about our Children's Privacy Policy or our practices concerning children’s personal data, please contact us using the information provided in the "Contact Us" section.

INTERNATIONAL TRANSFER POLICY.

In our global operations, we recognize that the transfer of personal data across international borders requires special consideration and adherence to applicable legal frameworks. Our International Data Transfer Policy is designed to ensure that personal data is protected irrespective of the geographical location where it is processed or stored. The following outlines our approach to international data transfers:

  • Compliance with International Data Protection Laws: We comply with all applicable data protection laws and regulations when transferring personal data internationally. This includes adherence to the General Data Protection Regulation (GDPR) for transfers of personal data from the European Union (EU) and European Economic Area (EEA), as well as other regional and national data protection laws.

  • Transfer Mechanisms: We employ legally recognized data transfer mechanisms to ensure the lawful transfer of personal data. This includes the use of Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and adherence to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks where applicable.

  • Data Protection in Third Countries: When transferring data to countries that may not have equivalent data protection laws, we take steps to ensure that adequate safeguards are in place. This includes assessing the level of data protection in the recipient country, and implementing appropriate safeguards such as data processing agreements and ensuring the recipient organizations are committed to data protection.

  • Regular Review and Auditing: Our international data transfer practices are regularly reviewed and audited to ensure compliance with changing laws and regulations. We remain committed to upholding the highest standards of data privacy, regardless of where data is processed or stored.

  • Collaboration with International Authorities: We work in collaboration with data protection authorities and other regulatory bodies to ensure our data transfer practices align with international data protection principles and legal requirements.

  • Data Processing Agreements: Where third-party service providers are involved in the processing of personal data on our behalf, we ensure that they are bound by contractual obligations to process the data in accordance with our data protection standards and applicable laws.

  • Transparency and User Rights: We maintain transparency about our data transfer practices and respect the rights of our users to access, correct, or delete their personal data, regardless of where it is processed.

Our commitment to protecting your personal data extends to our international operations. We strive to implement robust and compliant data transfer practices, ensuring the secure and lawful processing of your data across borders.

CALIFORNIA RIGHTS.

In compliance with the California Consumer Privacy Act (CCPA) and other relevant California state laws, we recognize and respect the privacy rights of our users residing in California. This provision outlines the specific rights granted to California residents and explains how these rights can be exercised.

  • Right to Know: California residents have the right to request disclosure of our data collection and sales practices in relation to their personal data, including the categories of personal data we have collected, the source of the data, our use of the data, and, if applicable, whether we have sold or disclosed it.

  • Right to Access: You have the right to request a copy of the specific personal information collected about you during the 12 months before your request.

  • Right to Deletion: California residents have the right to request the deletion of their personal information that we have collected, subject to certain exceptions as provided by law.

  • Right to Opt-Out of Sale: If we sell personal information, California residents have the right to opt-out of the sale of their personal information. We will provide an opt-out link on our website or you can contact us directly to exercise this right.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means that we will not deny goods or services, charge different prices, provide a different level or quality of services, or suggest that you might receive a different price or rate for services or a different level or quality of goods or services.

  • Right to Appointment of an Authorized Agent: California residents have the right to appoint an authorized agent to exercise their rights on their behalf.

  • Process for Making a Request: To exercise any of the above rights, California residents can submit a request via our provided contact details. We will verify your identity before responding to your request, using personal information provided by you.

  • Response Timeframe and Format: We aim to respond to consumer requests within forty-five (45) days of receiving them. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

  • Annual Reporting: In compliance with the CCPA, we will compile and disclose the number of requests to know, requests to delete, and requests to opt-out that we have received, complied with in whole or in part, and denied, and will maintain records of this information.

USER RIGHTS.

In alignment with our commitment to data privacy and in compliance with applicable data protection laws, we acknowledge and support the following rights of our users regarding their personal data. These rights are integral to our privacy practices and provide users with control and transparency over their personal information.

  • Right to Access: You have the right to request access to the personal data we hold about you. This includes the right to be informed of the nature, processing, and disclosure of your personal data.

  • Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.

  • Right to Erasure (‘Right to be Forgotten’): You may request the deletion or removal of your personal data when there is no compelling reason for its continued processing.

  • Right to Restrict Processing: Under certain conditions, you have the right to ‘block’ or suppress further use of your personal data.

  • Right to Data Portability: Where applicable, you have the right to receive, in a structured, commonly used, and machine-readable format, the personal data you have provided to us, and the right to transmit that data to another controller.

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, especially in the case where data processing is based on the grounds of legitimate interests.

  • Right to Withdraw Consent: If the processing of your personal data is based on consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. Exercising these rights will not result in any negative consequences or a lower quality of service.

  • Automated Decision-Making and Profiling Rights: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection laws.

  • Process for Exercising Rights: To exercise any of these rights, please contact us using the contact information provided. We will respond to your request in accordance with applicable law and within any legally required time frame.

  • Verification of Requests: To protect your privacy and security, we may take steps to verify your identity before complying with the request.

We are dedicated to upholding these rights and ensuring that you have full control over your personal data. Our practices are continually reviewed and updated to comply with evolving data protection laws and regulations.

HOW TO EXERCISE YOUR RIGHTS.

Submitting Requests: To exercise any of your rights, you are invited to submit a formal request via email to our designated Privacy Rights email address, which is privacy@fotolush.com. This dedicated channel ensures that your inquiries are handled promptly and efficiently by our Privacy Compliance team.

Identity Verification: Upon receipt of your request, we may need to verify your identity to protect your data from unauthorized access. This verification may require you to provide additional information, such as a copy of a government-issued identification or answering security questions related to your account.

Timely Response: We are committed to responding to your request within the time frame required by applicable law, typically within one month of receiving a verifiable request. If we require more time, we will inform you of the reason and extension period in writing.

Assistance: If you have questions about the type of personal data we hold about you or the ways in which we use it, our Privacy Compliance team is available to provide the necessary clarifications. We strive to ensure you have full understanding and control over your personal data.

Cost-Free Process: You will not be required to pay a fee to access your personal data or to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Legal Limitations: There may be situations where we are legally permitted or required to deny your request or where exceptions to your rights apply. If we cannot comply with your request, we will explain the reasons to you.

Ongoing Support: Our commitment to your privacy does not end with the submission of a request. We will continue to provide assistance and support as you exercise your rights and will ensure ongoing compliance with all data protection laws and regulations.

DO NOT TRACK SIGNALS.

Our Platform currently does not respond to "Do Not Track" (DNT) signals from web browsers. DNT is a privacy preference that you can set in your web browser to indicate your preference regarding the tracking of your online activities.

While many web browsers support the DNT feature, there is no standard interpretation or industry consensus regarding the meaning of DNT signals. As a result, our Platform does not currently recognize or respond to DNT signals.

Please note that even if you have enabled the DNT feature in your web browser, certain third-party services integrated into our Platform may still collect and track your online activities in accordance with their own privacy policies. We encourage you to review the privacy policies of these third-party services for more information on their tracking practices.

MODIFICATION.

We reserve the right to modify or update this Privacy Policy at any time. Any changes we make will be effective immediately upon posting the revised Privacy Policy on our Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

By continuing to use our Platform after any changes to this Privacy Policy, you acknowledge and agree to the updated terms. It is your responsibility to review this Privacy Policy periodically and ensure that you are aware of any modifications. If you disagree with any changes, you should discontinue your use of our Platform and contact us if you would like to request the deletion of your personal information.

Please note that any provision of this Privacy Policy that imposes an obligation on you or grants us a right will survive the termination or expiration of this Privacy Policy or your use of our Platform.

WEB BEACONS.

What are Web Beacons: Web beacons are small graphic images or other web programming code that can be included in our web pages and e-mail messages. Invisible to the user, these beacons are typically as small as a single pixel and function in a similar manner to cookies.

How They Work: Web beacons are used to track online movements of web users or to access cookies. They help us understand how users interact with our Platform by transmitting information back to us or our partners.

User Engagement Tracking: Web beacons track user behavior on our Platform, such as page views and email interaction. This information helps us understand user preferences and improve the content and functionality of our Platform.

Email Communications: In our email communications, web beacons allow us to determine whether our emails are opened and if the links within them are clicked. This data assists us in making our communications more relevant and informative for our users.

Advertising and Marketing Analysis: We use web beacons to gauge the effectiveness of our advertising campaigns. By understanding user interactions and responses to our marketing efforts, we can tailor our strategies to better meet user interests and needs.

Site Performance and Analytics: Web beacons contribute to our analytics by gathering aggregate data. This includes analyzing trends, administering the site, and gathering demographic information about our user base as a whole.

Opting Out: While web beacons are inherently anonymous, you have the option to control their use through various browser settings and third-party tools. Disabling cookies in your browser will also limit the functionality of web beacons associated with those cookies.

CONTACT US.

We value open communication with our users and welcome any questions, concerns, or feedback regarding this Privacy Policy or our data handling practices. Our dedicated team is committed to addressing your inquiries and providing timely and clear responses. Please find below the various channels through which you can reach us:

  • Email Communication: For direct and convenient communication, you can email us at privacy@fotolush.com. We aim to respond to all email inquiries within 48 hours during business days.

  • Contact Form: We also offer a contact form on our Platform. This form is a quick way to reach out to us with any questions or feedback. The form is accessible through the 'Contact Us' section on our website.

  • Accessibility: We are committed to ensuring that our communication channels are accessible to all our users, including those with disabilities. If you require any special accommodations, please let us know, and we will do our best to assist you.

  • Language Support: Our customer service team is capable of handling inquiries in multiple languages. If you require assistance in a language other than English, please indicate this in your communication, and we will endeavor to accommodate your needs.

We are dedicated to providing a prompt response to all inquiries. If your issue requires more in-depth investigation, we will keep you informed about the status of your query and provide a timeframe for resolution.