Your information: What we collect and how we use it
We collect a variety of types of personal information when you register and utilize our website, mobile site, or mobile applications; purchase any personalized products (“Products”); contact a customer service representative; or complete an optional survey (collectively, our “Services”). This information may be collected directly from you or via your device or browser when you engage with our Services.
We use your information to craft Products, to offer suggestions for Products based on your content, to deliver marketing communications and promotional materials that may be of interest to you, to provide customer service, to guard the security or integrity of our databases or websites, to detect and prevent fraud or illegal activity, to take precautions against liability, to detect and remediate violations of our Terms and Conditions, to develop and improve our Services, and for internal operational purposes.
The chart below describes what categories of data we may collect, how we obtain that data, the business purposes for which we typically use such data, and which types of trusted third-party service providers we may share that data with:
| Information Type | Source | Purpose | Third Party Sharing |
|---|---|---|---|
Identification Data (Name, Address, Phone Number, E-mail) | Provided directly by you |
|
|
Account Data (Encrypted password, Social Media Account Identifier (if used to sign in)) | Provided directly by you and by 3rd party login services |
| None |
User Content (Photos, Images, Text, Preferences) | Provided directly by you |
|
|
Financial Data (Credit Card Information (only last four digits stored), Billing/Shipping Address) | Provided directly by you |
|
|
Transaction Data (Products Purchased, Purchase Date, Purchase Amount) | Provided directly by you |
|
|
Internet Activity Data (Account Creation Date, Log On/Off Dates, IP Address, Browser Brand/Version, Device Information, Operating System, Cookies) | Collected indirectly from your browser or device and associated 3rd party services |
|
|
Demographic Data (Age, birthdate, income range) | Provided directly by you through optional surveys |
|
|
Feedback Data (Product Reviews/Ratings) | Provided directly by you |
|
|
Account Credentials
We use certain 3rd party services to facilitate your login and account creation such as Facebook Connect, Google Sign-In, and Sign in with Apple. By signing in with these services you grant us access to certain information from that site, such as your name, account information and profile photo, in accordance with the site’s account verification procedures and privacy policy.
Cookies
We and our service providers collect information about how you use our Services to analyze trends, generate analytics, enhance your user experience, improve our Products and Services, detect and prevent fraud or security incidents, and gather broad demographic information for aggregate use. Our site and application use “cookies” that are created when you use online services and are stored on your computer or mobile device.
Cookies help us offer convenient features such as storing the contents of your cart and remembering your login and account settings. We also use the information we collect to compile statistics about our users and their use of our site to monitor site traffic, develop marketing campaigns, and improve our Service’s design and content.
You may decide whether or not our software may load cookies onto your computer. You can opt out of cookies at any time by reconfiguring your browser or rejecting our pop-up cookie statement. However, if you do so, you acknowledge that some functionality of our Services may be restricted or disabled without the use of cookies.
Sharing Your Information
We do not sell, license or share the personal data we collect with unaffiliated third parties for their marketing purposes. We do, however, share your data with our contracted service providers, as explained below.
Service Providers
We use 3rd party service providers to help us fulfill your product orders, process your payments, market our products, and analyze the data we collect. Our service providers may receive your name and contact information, payment information, photos and other content you upload to our Services, information about purchases you’ve made, cookies and other device identifiers, IP address, and website browsing and interaction activity. These service providers are only allowed to use your information in connection with the specific service they provide on our behalf.
Your Photos
Sharing your photos
We value the trust you place in us by allowing us to access your photos and we can assure you that we treat Your Content as private information that belongs to you. We share your photos only in the following circumstances:
- In order to provide our service, our employees who work on your order may see Your Content. Similarly, if you print a Product, we will share Your Content with our third-party partners printing partners. As stated before, these parties cannot use your photos outside of their specifically dedicated services.
- If you contribute to a friend’s book you grant that friend permission to view your content and share that content with us to fulfill their order.
We do not use your photos in public advertisements. Your photos may be used to make recommendations directly to you about products you may enjoy, but they will not be shared outside of your account.
Collecting Information from Your Photos
When you upload your photos or give us access to the photos on your device, we collect the EXIF information that your device automatically attach to your photo. Depending on the configuration of your device this information may include the timestamp and location associated with the photo. We use this information to enhance your user experience and improve your user experience and the Product we offer you, this includes the story suggestions we generate especially for you. This information is only used for you. We also automatically associate similar faces, places, and other image characteristics (tags) to the photos you add. These features help us create more intelligent and personalized books. We never group faces across user accounts or attempt to identify the people in your photos nor do we share this information with any third parties. You may disable the face grouping feature in your account at any time, but you accept that our Services may generate less personalized and curated products.
Data Retention
We will only keep your personal data for as long as necessary to fullfil the purposes for which it was collected, including but not limited to order fulfillment or satisfying any legal, accounting, or reporting requirements.
By law we have to keep basic information about our customers (including Identification, Financial and Transaction Data) for 10 years after they stop being customers for tax purposes.
To facilitate your use of the Services, we will retain any photos you have uploaded or products you have previously ordered in your account for as long as your account is active such that you can easily re-order products or utilize your past content to create new products. You can at any point delete this order history and past uploads, but by doing so you agree to lose any access to previous crafted products.
Data Security
We employ technical safeguards and security measures to protect your data. Despite this, we can never entirely guarantee the confidentiality of your data and are not liable for any such breach. In the event we become aware of any user data being disclosed as a result of security breaches or fraud, we reserve the right to investigate, report, and cooperate with the appropriate data protection and law enforcement authorities.
International Transfers
We are headquartered in the United States. We have operations and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States) that may not provide equivalent levels of data protection as your home jurisdiction. These countries may not have the same data protection laws as the country in which you initially provided the information. By providing Your Information to the Service, you consent to any transfer and processing in accordance with this Policy.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. If the provider is not EU-US Privacy Shield certified, we may use the EU Model Clauses. We are applying for certification with the U.S. Department of Commerce under the EU - U.S. Privacy Shield Framework.
Some of our external third-party providers are based outside of the EEA, so their processing of data will involve a transfer of data outside the EEA.
Legally Required
We may be required to disclose user information pursual to legal requests, such as subpoenas, investigations, court orders, or in compliance with applicable laws. We may also share information with other companies, lawyer, agents, or government agencies in order to protect our rights, property, or interests of customers or other third parties or to prevent illegal activities or violations of our Terms and Conditions.
Business Transfers
In the event of a merger, acquisition, financial du diligence, reorganization, bankruptcy, receivership, asset sale, or transition your data may be shared or transferred to the counter parties of the transaction but will still be subject to the terms of this Privacy Policy.
Children
Our Services are intended for use by general audiences and are not targeted towards children. We will not knowingly collect personally identifiable information from children. If we become aware that a child under the age of 18 has provided personal information through our websites or apps, we will remove their personally identifiable information from our files.
Correcting Errors in Personal Data
To correct errors in your personal data, you may access the setting menu on our website or within the app and upload the necessary corrections. For data not visible in your user profile, please contact us at support@phototales.com with any corrections, and we will be happy to update your personal information to ensure it is accurate and current.
Supplemental Notice to California Residents
If you are a California resident, California law may apply to how we collect and use your personal information, and what rights you have in some circumstances. The following terms supplement our Privacy Policy and explain the rights of California residents.
For information about what categories of personal information we may collect from our customers, the sources of that information, the purposes for collecting and using that information, and what types of third party service providers we may share that information with, please see our section titled ‘Your information: What we collect and how we use it.’
California residents have the following rights:
The right to request information about personal information that we have collected about that customer in the 12 months preceding the customer’s request (including the categories of information collected, the source of that information, the business purpose of that collection, the categories of third parties with whom that information is shared, and the specific pieces of personal information collected about that particular customer);
The right to receive requested information in a readily usable format if provided electronically;
The right to request that we delete any personal information about the consumer that we have collected (although we may be entitled to retain some information for certain purposes);
The right to opt-out of “sales” of personal information to third parties, if applicable; and
The right to freely exercise your rights without being denied goods or services.
We cannot respond to your request to access or delete information unless we are able to both verify your identity or authority to make the request and confirm the personal information relates to you and/or your household. Your identity can be verified simply by logging into your account. You can also designate an authorized agent to make a request on your behalf. Your agent will need to provide a Power of Attorney authorizing the agent to act on your behalf or will need to complete the same verification procedures that would be required for a request submitted by you directly and provide information that allows us to verify your authorization.
We may deny deletion requests in whole or in part as permitted or required by applicable law. We do not charge a different price or rate or provide a different level or quality of goods or services based on your exercising your CCPA rights. We do not sell personal information.
To exercise your rights under California law please contact us as follows:
Phototales
12175 Visionary Way,
#1000 Fishers,
IN 46038
If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, you may request and obtain removal of content or information you have publicly posted on such site. To make such a request, please send an email with the subject line “California Minor Content Removal Request” to _____. Please specify the specific information or content that you would like removed.
Supplemental Notice to EU Citizens
Legal Basis For Processing Personal Data (European Economic Area)
This Privacy Policy describes the legal bases we rely on for the processing of Your Information. Please contact us if you have any questions about the specific legal basis we are relying on to process Your Information.
As used in this Privacy Policy, “business purposes” means our interests in conducting our business and developing a business relationship with you. This Supplemental Notice to EU Citizens section of the Privacy Policy describes when we process Your Information for our business purposes, what these purposes are and your rights. We will not use Your Information for activities where the impact on you overrides our interests, unless we have your consent, or those activities are otherwise required or permitted by law.
Your Rights
Pursuant to the European Union General Data Protection Regulation (or GDPR), you have the following rights in relation to your personal data, under certain circumstances:
Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your personal data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly.
Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your personal data in a structured, commonly used, and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
If we are relying on a legitimate interest to process your personal data—unless we demonstrate compelling legitimate grounds for the processing or we need to process your data in order to establish, exercise, or defend legal claims;
If we are processing your personal data for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above);
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data you can report it to the data protection authority that is authorized to hear those concerns.
Privacy Policy Updates
As we update our privacy practices, in response to changes in applicable laws or regulations or for any other reason at any time, we may modify this Policy and provide notice to you by posting updates on this page. It is your responsibility to check back periodically to view any updates. Changes to our Policy are immediately effective when posted. If we change this Privacy Policy in any material way, we will endeavor to promptly notify our customers. Your continued use of our Services following such updates acknowledges your acceptance of the new terms.